Chainloading does not work on mirrored EFI partitions (w/mdadm)

Problem:
Red Hat’s official solution on redundant, mirrored EFI partitions works fine and creates two EFI partitions, both entries added to the boot list and the host is able to boot just fine (if I skip PXE boot): How to create a backup EFI partition as /boot/efi2 - Red Hat Customer Portal
I’ve gone through: UEFI booting and RAID1 « codeblog and confirmed the metadata is version 1.0 etc… (see details at bottom).

However the chainloader fails to boot from the EFI partition with this error:

Expected outcome:
The chainloader should discover both EFI partitions and attempt to boot from them.

Foreman and Proxy versions:
satellite-6.14.4-1.el8sat.noarch / foreman-3.7.0.13-1.el8sat.noarch

Foreman and Proxy plugin versions:

Name Version
foreman-tasks 8.1.4
foreman_ansible 12.0.6
foreman_azure_rm 2.2.9
foreman_bootdisk 21.2.1
foreman_discovery 22.0.4
foreman_google 1.0.4
foreman_hooks 0.3.17
foreman_kubevirt 0.1.9
foreman_leapp 1.1.0
foreman_openscap 7.0.0
foreman_remote_execution 10.1.3
foreman_rh_cloud 8.0.51
foreman_templates 9.4.0
foreman_theme_satellite 12.0.0.9
foreman_vault 1.2.0
foreman_virt_who_configure 0.5.20
foreman_webhooks 3.2.1
katello 4.9.0.25

Distribution and version:

root@iu-satellite:~# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.9 (Ootpa)
root@iu-satellite:~# uname -r
4.18.0-513.24.1.el8_9.x86_64

Other relevant data:

└─# blkid | grep efi
/dev/sdb2: UUID="1c88a982-9dda-5e55-51f6-c3b693b2cb63" UUID_SUB="718577ac-7355-5f04-5d4b-7155367b0cdb" LABEL="localhost.localdomain:efiboot" TYPE="linux_raid_member" PARTUUID="555284bb-bef3-459c-b844-bf2871f8e03a"
/dev/sdf2: UUID="1c88a982-9dda-5e55-51f6-c3b693b2cb63" UUID_SUB="f692a5ac-d796-c312-9759-c1d2c47b37e3" LABEL="localhost.localdomain:efiboot" TYPE="linux_raid_member" PARTUUID="cf13b9f4-9bcb-4631-9888-ac20db2f5610"
/dev/md126: SEC_TYPE="msdos" LABEL_FATBOOT="efiboot" LABEL="efiboot" UUID="5857-4F5A" BLOCK_SIZE="512" TYPE="vfat"
└─# mdadm  --detail /dev/md126
mdadm: Value "localhost.localdomain:boot" cannot be set as name. Reason: Not POSIX compatible. Value ignored.
mdadm: Value "localhost.localdomain:efiboot" cannot be set as name. Reason: Not POSIX compatible. Value ignored.
mdadm: Value "localhost.localdomain:os_pv" cannot be set as name. Reason: Not POSIX compatible. Value ignored.
/dev/md126:
           Version : 1.0
     Creation Time : Tue Jun  4 17:57:20 2024
        Raid Level : raid1
        Array Size : 524224 (511.94 MiB 536.81 MB)
     Used Dev Size : 524224 (511.94 MiB 536.81 MB)
      Raid Devices : 2
     Total Devices : 2
       Persistence : Superblock is persistent

     Intent Bitmap : Internal

       Update Time : Tue Jun  4 20:44:07 2024
             State : clean
    Active Devices : 2
   Working Devices : 2
    Failed Devices : 0
     Spare Devices : 0

Consistency Policy : bitmap

              Name : localhost.localdomain:efiboot
              UUID : 1c88a982:9dda5e55:51f6c3b6:93b2cb63
            Events : 48

    Number   Major   Minor   RaidDevice State
       0       8       82        0      active sync   /dev/sdf2
       1       8       18        1      active sync   /dev/sdb2
└─# file -s /dev/sdb2
/dev/sdb2: DOS/MBR boot sector, code offset 0x3c+2, OEM-ID "mkfs.fat", sectors/cluster 16, reserved sectors 16, root entries 512, Media descriptor 0xf8, sectors/FAT 256, sectors/track 4, sectors 1048448 (volumes > 32 MB), serial number 0x58574f5a, label: "efiboot    ", FAT (16 bit)

└─# file -s /dev/sdf2
/dev/sdf2: DOS/MBR boot sector, code offset 0x3c+2, OEM-ID "mkfs.fat", sectors/cluster 16, reserved sectors 16, root entries 512, Media descriptor 0xf8, sectors/FAT 256, sectors/track 4, sectors 1048448 (volumes > 32 MB), serial number 0x58574f5a, label: "efiboot    ", FAT (16 bit)
└─# efibootmgr
BootCurrent: 0011
Timeout: 3 seconds
BootOrder: 0011,0004,0005,0006,0007,0008,0009,000B,000C,000D,000E,000F,0010,0001,0000,0003
Boot0000* Red Hat Enterprise Linux      HD(2,GPT,cf13b9f4-9bcb-4631-9888-ac20db2f5610,0x200800,0x100000)/File(\EFI\redhat\shimx64.efi)
Boot0001* Red Hat Enterprise Linux      HD(2,GPT,555284bb-bef3-459c-b844-bf2871f8e03a,0x200800,0x100000)/File(\EFI\redhat\shimx64.efi)
Boot0003* UEFI: Built-in EFI Shell      VenMedia(5023b95c-db26-429b-a648-bd47664c8012)0000424f
Boot0004* UEFI: HTTP IPv4 Intel(R) Ethernet Controller X550     PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(502fa8c79dca,1)/IPv4(0.0.0.00.0.0.0,0,0)/Uri()0000424f
Boot0005* UEFI: PXE IPv4 Intel(R) Ethernet Controller X550      PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(502fa8c79dca,1)/IPv4(0.0.0.00.0.0.0,0,0)0000424f
Boot0006* UEFI: HTTP IPv6 Intel(R) Ethernet Controller X550     PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x0)/MAC(502fa8c79dca,1)/IPv6([::]:<->[::]:,0,0)/Uri()0000424f
Boot0007* UEFI: HTTP IPv4 Intel(R) Ethernet Controller X550     PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x1)/MAC(502fa8c79dcb,1)/IPv4(0.0.0.00.0.0.0,0,0)/Uri()0000424f
Boot0008* UEFI: PXE IPv4 Intel(R) Ethernet Controller X550      PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x1)/MAC(502fa8c79dcb,1)/IPv4(0.0.0.00.0.0.0,0,0)0000424f
Boot0009* UEFI: HTTP IPv6 Intel(R) Ethernet Controller X550     PciRoot(0x0)/Pci(0x1c,0x0)/Pci(0x0,0x1)/MAC(502fa8c79dcb,1)/IPv6([::]:<->[::]:,0,0)/Uri()0000424f
Boot000B* UEFI: HTTP IPv4 Cisco NIC c0:2c:17:2e:24:ac   PciRoot(0x3)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/MAC(c02c172e24ac,0)/IPv4(0.0.0.00.0.0.0,0,0)/Uri()0000424f
Boot000C* UEFI: PXE IPv4 Cisco NIC c0:2c:17:2e:24:ac    PciRoot(0x3)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/MAC(c02c172e24ac,0)/IPv4(0.0.0.00.0.0.0,0,0)0000424f
Boot000D* UEFI: HTTP IPv6 Cisco NIC c0:2c:17:2e:24:ac   PciRoot(0x3)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/MAC(c02c172e24ac,0)/IPv6([::]:<->[::]:,0,0)/Uri()0000424f
Boot000E* UEFI: HTTP IPv4 Cisco NIC c0:2c:17:2e:24:ad   PciRoot(0x3)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x0,0x1)/MAC(c02c172e24ad,0)/IPv4(0.0.0.00.0.0.0,0,0)/Uri()0000424f
Boot000F* UEFI: PXE IPv4 Cisco NIC c0:2c:17:2e:24:ad    PciRoot(0x3)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x0,0x1)/MAC(c02c172e24ad,0)/IPv4(0.0.0.00.0.0.0,0,0)0000424f
Boot0010* UEFI: HTTP IPv6 Cisco NIC c0:2c:17:2e:24:ad   PciRoot(0x3)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x1,0x0)/Pci(0x0,0x0)/Pci(0x0,0x0)/Pci(0x0,0x1)/MAC(c02c172e24ad,0)/IPv6([::]:<->[::]:,0,0)/Uri()0000424f
Boot0011* UEFI: Cisco vKVM-Mapped vDVD1.24      PciRoot(0x0)/Pci(0x14,0x0)/USB(5,0)/USB(2,0)/CDROM(1,0x80b,0x800)0000424f
MirroredPercentageAbove4G: 0.00
MirrorMemoryBelow4GB: false
└─# efibootmgr -v # NOTE: I removed non-relevant entries from the verbose output
BootCurrent: 0011
Timeout: 3 seconds
BootOrder: 0011,0004,0005,0006,0007,0008,0009,000B,000C,000D,000E,000F,0010,0001,0000,0003
Boot0000* Red Hat Enterprise Linux      HD(2,GPT,cf13b9f4-9bcb-4631-9888-ac20db2f5610,0x200800,0x100000)/File(\EFI\redhat\shimx64.efi)
      dp: 04 01 2a 00 02 00 00 00 00 08 20 00 00 00 00 00 00 00 10 00 00 00 00 00 f4 b9 13 cf cb 9b 31 46 98 88 ac 20 db 2f 56 10 02 02 / 04 04 34 00 5c 00 45 00 46 00 49 00 5c 00 72 00 65 00 64 00 68 00 61 00 74 00 5c 00 73 00 68 00 69 00 6d 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 00 00 / 7f ff 04 00
Boot0001* Red Hat Enterprise Linux      HD(2,GPT,555284bb-bef3-459c-b844-bf2871f8e03a,0x200800,0x100000)/File(\EFI\redhat\shimx64.efi)
      dp: 04 01 2a 00 02 00 00 00 00 08 20 00 00 00 00 00 00 00 10 00 00 00 00 00 bb 84 52 55 f3 be 9c 45 b8 44 bf 28 71 f8 e0 3a 02 02 / 04 04 34 00 5c 00 45 00 46 00 49 00 5c 00 72 00 65 00 64 00 68 00 61 00 74 00 5c 00 73 00 68 00 69 00 6d 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 00 00 / 7f ff 04 00

Kickstart partition config that was used:

bootloader --location=mbr --append="nofb quiet splash=quiet"

# Clear the Master Boot Record
zerombr

# Partition clearing information
clearpart --all --initlabel --disklabel=gpt

## /boot
part raid.01    --fstype="mdmember" --size=1024 --ondisk="/dev/sdk"
part raid.02    --fstype="mdmember" --size=1024 --ondisk="/dev/sdl"
raid /boot      --level=1 --device=boot --label=boot --fstype="xfs" raid.01 raid.02

## /boot/efi
part raid.11    --fstype="mdmember" --size=512 --ondisk="/dev/sdk"
part raid.12    --fstype="mdmember" --size=512 --ondisk="/dev/sdl"
raid /boot/efi  --level=1 --device=efiboot --label=efiboot --fstype="efi" raid.11 raid.12

## /
part raid.21    --fstype="mdmember" --size=1 --ondisk="/dev/sdk" --grow
part raid.22    --fstype="mdmember" --size=1 --ondisk="/dev/sdl" --grow
raid pv.01      --level=1 --device=os_pv --label=os_pv raid.21 raid.22

## Additional data disks
part pv.data.0 --size=1 --ondisk="/dev/sda" --grow
part pv.data.1 --size=1 --ondisk="/dev/sdb" --grow
part pv.data.2 --size=1 --ondisk="/dev/sdc" --grow
part pv.data.3 --size=1 --ondisk="/dev/sde" --grow
part pv.data.4 --size=1 --ondisk="/dev/sdf" --grow
part pv.data.5 --size=1 --ondisk="/dev/sdg" --grow
part pv.data.6 --size=1 --ondisk="/dev/sdh" --grow
part pv.data.7 --size=1 --ondisk="/dev/sdi" --grow
volgroup vg_data pv.data.0 pv.data.1 pv.data.2 pv.data.3 pv.data.4 pv.data.5 pv.data.6 pv.data.7
logvol /data --fstype="xfs" --size=1 --name=lv_data --vgname=vg_data --grow

# Create volume group for OS
volgroup vg.01 pv.01

# Create logical volumes for OS
logvol /                  --name=lv_root           --vgname=vg.01 --size=15360 --fstype=xfs
logvol /var               --name=lv_var            --vgname=vg.01 --size=20480 --fstype=xfs --fsoptions="nodev,nosuid"
logvol /var/log           --name=lv_var_log        --vgname=vg.01 --size=20480 --fstype=xfs --fsoptions="nodev,noexec,nosuid"
logvol /tmp               --name=lv_tmp            --vgname=vg.01 --size=20480 --fstype=xfs --fsoptions="nodev,noexec,nosuid"
logvol /var/log/audit     --name=lv_var_log_audit  --vgname=vg.01 --size=4096  --fstype=xfs --fsoptions="nodev,noexec,nosuid"
root@iu-satellite:/var/log# cat /var/lib/tftpboot/grub2/grub.cfg-01-c0-2c-17-2e-24-ac
set default=local
set timeout=20
echo Default PXE local template entry is set to 'local'

insmod part_gpt
insmod fat
insmod chain

echo "VMWare hosts with QuickBoot feature enabled may not find the local ESP"
echo "partition due to not initializing all the EFI devices. To workaround, upgrade"
echo "to the latest grub2 (*) and uncomment "connectefi scsi" statement in the"
echo "grub2_chainload template."
echo
echo "Virtual or physical hosts using Software RAID for the ESP partition may try"
echo "booting on the Software RAID, which will fail. To workaround, upgrade to the"
echo "latest grub2 (*) and add "--efidisk-only" argument to the "search" command in"
echo "the grub2_chainload template."
echo
echo "(*) grub2-efi-x64-2.02-122.el8 (upstream doesn't have the patches yet)"
echo
#connectefi scsi

menuentry 'Chainload Grub2 EFI from ESP' --id local_chain_hd0 {
  echo "Chainloading Grub2 EFI from ESP, enabled devices for booting:"
  ls
  echo "Trying /EFI/fedora/shim.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/fedora/shim.efi
  if [ -f ($chroot)/EFI/fedora/shim.efi ]; then
    chainloader ($chroot)/EFI/fedora/shim.efi
    echo "Found /EFI/fedora/shim.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/fedora/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/fedora/grubx64.efi
  if [ -f ($chroot)/EFI/fedora/grubx64.efi ]; then
    chainloader ($chroot)/EFI/fedora/grubx64.efi
    echo "Found /EFI/fedora/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/redhat/shim.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/redhat/shim.efi
  if [ -f ($chroot)/EFI/redhat/shim.efi ]; then
    chainloader ($chroot)/EFI/redhat/shim.efi
    echo "Found /EFI/redhat/shim.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/redhat/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/redhat/grubx64.efi
  if [ -f ($chroot)/EFI/redhat/grubx64.efi ]; then
    chainloader ($chroot)/EFI/redhat/grubx64.efi
    echo "Found /EFI/redhat/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/centos/shim.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/centos/shim.efi
  if [ -f ($chroot)/EFI/centos/shim.efi ]; then
    chainloader ($chroot)/EFI/centos/shim.efi
    echo "Found /EFI/centos/shim.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/centos/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/centos/grubx64.efi
  if [ -f ($chroot)/EFI/centos/grubx64.efi ]; then
    chainloader ($chroot)/EFI/centos/grubx64.efi
    echo "Found /EFI/centos/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/rocky/shim.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/rocky/shim.efi
  if [ -f ($chroot)/EFI/rocky/shim.efi ]; then
    chainloader ($chroot)/EFI/rocky/shim.efi
    echo "Found /EFI/rocky/shim.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/rocky/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/rocky/grubx64.efi
  if [ -f ($chroot)/EFI/rocky/grubx64.efi ]; then
    chainloader ($chroot)/EFI/rocky/grubx64.efi
    echo "Found /EFI/rocky/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/debian/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/debian/grubx64.efi
  if [ -f ($chroot)/EFI/debian/grubx64.efi ]; then
    chainloader ($chroot)/EFI/debian/grubx64.efi
    echo "Found /EFI/debian/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/ubuntu/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/ubuntu/grubx64.efi
  if [ -f ($chroot)/EFI/ubuntu/grubx64.efi ]; then
    chainloader ($chroot)/EFI/ubuntu/grubx64.efi
    echo "Found /EFI/ubuntu/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/sles/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/sles/grubx64.efi
  if [ -f ($chroot)/EFI/sles/grubx64.efi ]; then
    chainloader ($chroot)/EFI/sles/grubx64.efi
    echo "Found /EFI/sles/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/opensuse/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/opensuse/grubx64.efi
  if [ -f ($chroot)/EFI/opensuse/grubx64.efi ]; then
    chainloader ($chroot)/EFI/opensuse/grubx64.efi
    echo "Found /EFI/opensuse/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/Microsoft/boot/bootmgfw.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/Microsoft/boot/bootmgfw.efi
  if [ -f ($chroot)/EFI/Microsoft/boot/bootmgfw.efi ]; then
    chainloader ($chroot)/EFI/Microsoft/boot/bootmgfw.efi
    echo "Found /EFI/Microsoft/boot/bootmgfw.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Partition with known EFI file not found, you may want to drop to grub shell"
  echo "and investigate available files updating 'pxegrub2_chainload' template and"
  echo "the list of known filepaths for probing. Available devices are:"
  echo
  ls
  echo
  echo "If you cannot see the HDD, make sure the drive is marked as bootable in EFI and"
  echo "not hidden. Boot order must be the following:"
  echo "1) NETWORK"
  echo "2) HDD"
  echo
  echo "The system will poweroff in 2 minutes or press ESC to poweroff immediately."
  sleep -i 120
  halt
}

menuentry 'Chainload into BIOS bootloader on first disk' --id local_chain_legacy_hd0 {
  set root=(hd0,0)
  chainloader +1
  boot
}

menuentry 'Chainload into BIOS bootloader on second disk' --id local_chain_legacy_hd1 {
  set root=(hd1,0)
  chainloader +1
  boot
}

common="rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nokaslr nomodeset proxy.url=https://iu-satellite.domain.com proxy.type=foreman BOOTIF=01-$net_default_mac"

if [ ${grub_platform} == "pc" ]; then
  menuentry 'Foreman Discovery Image' --id discovery {
    linux boot/fdi-image/vmlinuz0 ${common}
    initrd boot/fdi-image/initrd0.img
  }
else
  menuentry 'Foreman Discovery Image EFI' --id discovery {
    linuxefi boot/fdi-image/vmlinuz0 ${common}
    initrdefi boot/fdi-image/initrd0.img
  }
fi

root@iu-satellite:/var/log#

Red Hat support recommended uncommenting the “connectefi scsi” line. That did work, but after upgrading from Satellite 6.14 to 6.15 that stopped working (it could be unrelated to the upgrade, maybe someone made changes to some templates while I was on vacation). I tried updating grubx64.efi in /var/lib/tftpboot/grub2 to grub 2.06 (was grub 2.02) but that didn’t change anything.

@lzap do you know anything about this? Have you tried chainloading from mdadm raid1 EFI partitions?

Hey @hakong, a short question just to be sure: Is the connectefi scsi line still uncommented after upgrading Satellite?

Yes, I’m using a custom template. I’ve changed the one pasted above. I’ve also tried the steps to manually boot from grub, but that won’t work anymore.

     grub> ls
     grub> unset chroot
     grub> connectefi scsi
     grub> search --file --no-floppy --set=chroot /EFI/redhat/grubx64.efi
     grub> ls ($chroot)
     grub> ls ($chroot)/EFI/redhat/
     grub> chainloader  ($chroot)/EFI/redhat/grubx64.efi
     grub> boot

This is the template for the given host now:

user@iu-satellite:/var/lib/tftpboot$ cat /var/lib/tftpboot/grub2/grub.cfg-01-c0-2c-17-2e-24-ac


set default=local
set timeout=20
echo Default PXE local template entry is set to 'local'

# To load MAC-based config explicitly, a MAC address separated by dash chars is needed.
# Also due to bug in RHEL 7.4 files are loaded with an extra ":" character at the end.
# This workarounds both cases, make sure "regexp.mod" file is present on the TFTP.
# For more info see: https://bugzilla.redhat.com/show_bug.cgi?id=1370642#c70
insmod regexp
regexp --set=1:m1 --set=2:m2 --set=3:m3 --set=4:m4 --set=5:m5 --set=6:m6 '^([0-9a-f]{1,2})\:([0-9a-f]{1,2})\:([0-9a-f]{1,2})\:([0-9a-f]{1,2})\:([0-9a-f]{1,2})\:([0-9a-f]{1,2})' "$net_default_mac"
mac=${m1}-${m2}-${m3}-${m4}-${m5}-${m6}
insmod part_gpt
insmod fat
insmod chain

echo "VMWare hosts with QuickBoot feature enabled may not find the local ESP"
echo "partition due to not initializing all the EFI devices. To workaround, upgrade"
echo "to the latest grub2 (*) and uncomment "connectefi scsi" statement in the"
echo "grub2_chainload template."
echo
echo "Virtual or physical hosts using Software RAID for the ESP partition may try"
echo "booting on the Software RAID, which will fail. To workaround, upgrade to the"
echo "latest grub2 (*) and add "--efidisk-only" argument to the "search" command in"
echo "the grub2_chainload template."
echo
echo "(*) grub2-efi-x64-2.02-122.el8 (upstream doesn't have the patches yet)"
echo

connectefi scsi # enabled for efi booting from mdadm raid1 efi partitions. see case https://access.redhat.com/support/cases/#/case/03833976

menuentry 'Chainload Grub2 EFI from ESP' --id local_chain_hd0 {
  echo "Chainloading Grub2 EFI from ESP, enabled devices for booting:"
  ls
  echo "Trying /EFI/fedora/shim.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/fedora/shim.efi
  if [ -f ($chroot)/EFI/fedora/shim.efi ]; then
    chainloader ($chroot)/EFI/fedora/shim.efi
    echo "Found /EFI/fedora/shim.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/fedora/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/fedora/grubx64.efi
  if [ -f ($chroot)/EFI/fedora/grubx64.efi ]; then
    chainloader ($chroot)/EFI/fedora/grubx64.efi
    echo "Found /EFI/fedora/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/redhat/shim.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/redhat/shim.efi
  if [ -f ($chroot)/EFI/redhat/shim.efi ]; then
    chainloader ($chroot)/EFI/redhat/shim.efi
    echo "Found /EFI/redhat/shim.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/redhat/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/redhat/grubx64.efi
  if [ -f ($chroot)/EFI/redhat/grubx64.efi ]; then
    chainloader ($chroot)/EFI/redhat/grubx64.efi
    echo "Found /EFI/redhat/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/centos/shim.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/centos/shim.efi
  if [ -f ($chroot)/EFI/centos/shim.efi ]; then
    chainloader ($chroot)/EFI/centos/shim.efi
    echo "Found /EFI/centos/shim.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/centos/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/centos/grubx64.efi
  if [ -f ($chroot)/EFI/centos/grubx64.efi ]; then
    chainloader ($chroot)/EFI/centos/grubx64.efi
    echo "Found /EFI/centos/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/rocky/shim.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/rocky/shim.efi
  if [ -f ($chroot)/EFI/rocky/shim.efi ]; then
    chainloader ($chroot)/EFI/rocky/shim.efi
    echo "Found /EFI/rocky/shim.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/rocky/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/rocky/grubx64.efi
  if [ -f ($chroot)/EFI/rocky/grubx64.efi ]; then
    chainloader ($chroot)/EFI/rocky/grubx64.efi
    echo "Found /EFI/rocky/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/debian/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/debian/grubx64.efi
  if [ -f ($chroot)/EFI/debian/grubx64.efi ]; then
    chainloader ($chroot)/EFI/debian/grubx64.efi
    echo "Found /EFI/debian/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/ubuntu/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/ubuntu/grubx64.efi
  if [ -f ($chroot)/EFI/ubuntu/grubx64.efi ]; then
    chainloader ($chroot)/EFI/ubuntu/grubx64.efi
    echo "Found /EFI/ubuntu/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/sles/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/sles/grubx64.efi
  if [ -f ($chroot)/EFI/sles/grubx64.efi ]; then
    chainloader ($chroot)/EFI/sles/grubx64.efi
    echo "Found /EFI/sles/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/opensuse/grubx64.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/opensuse/grubx64.efi
  if [ -f ($chroot)/EFI/opensuse/grubx64.efi ]; then
    chainloader ($chroot)/EFI/opensuse/grubx64.efi
    echo "Found /EFI/opensuse/grubx64.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  echo "Trying /EFI/Microsoft/boot/bootmgfw.efi "
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/Microsoft/boot/bootmgfw.efi
  if [ -f ($chroot)/EFI/Microsoft/boot/bootmgfw.efi ]; then
    chainloader ($chroot)/EFI/Microsoft/boot/bootmgfw.efi
    echo "Found /EFI/Microsoft/boot/bootmgfw.efi at $chroot, attempting to chainboot it..."
    sleep 2
    boot
  fi
  # echo Partition with known EFI file not found, you may want to drop to grub shell
  # echo and investigate available files updating '0_custom_pxegrub2_chainload' template and
  # echo the list of known filepaths for probing. Contents of \EFI directory:
  # ls ($chroot)/EFI
  # echo The system will now attempt to perform discovery.
  # sleep -i 10
  #   linuxefi boot/fdi-image/vmlinuz0 rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nomodeset proxy.url=https://iu-satellite.domain.com proxy.type=foreman BOOTIF=01-$mac fdi.zips=oem_strings.zip
  initrdefi boot/fdi-image/initrd0.img
}

menuentry 'Chainload into BIOS bootloader on first disk' --id local_chain_legacy_hd0 {
  set root=(hd0,0)
  chainloader +1
  boot
}

menuentry 'Chainload into BIOS bootloader on second disk' --id local_chain_legacy_hd1 {
  set root=(hd1,0)
  chainloader +1
  boot
}

menuentry 'Foreman Discovery Image' --id discovery {
  linuxefi boot/fdi-image/vmlinuz0 rootflags=loop root=live:/fdi.iso rootfstype=auto ro rd.live.image acpi=force rd.luks=0 rd.md=0 rd.dm=0 rd.lvm=0 rd.bootif=0 rd.neednet=0 nomodeset proxy.url=https://iu-satellite.domain.com proxy.type=foreman BOOTIF=01-$mac fdi.zips=oem_strings.zip
  initrdefi boot/fdi-image/initrd0.img

Hi.

Does chainloader work when using direct block device path instead of md path? (something like (hd0,gpt1)/EFI/redhat/grubx64.efi)?

This is a baremetal host, correct? Maybe there is also some equivalent option in the BIOS to “quick boot/initialization” in VMware. Disabling it might work as it does for VMware VMs.

However, I assume connectefi scsi is not working here correctly with the software raid. Therefore you get this not a valid root device when executing chainloader command.

As said, please try to use direct block device path to double check this assumption (try without and with connectefi scsi executed before, latter should then work).

As “workaround” you could also try to load the local GRUB2 configuration from disk instead of chainloading (assuming SecureBoot is disabled), see the PR for configuration below.

We currently work on this as default behavior in upstream Foreman because of SecureBoot integration (Fixes #37653 - Always load local disk's GRUB2 configuration by goarsna · Pull Request #10247 · theforeman/foreman · GitHub).

Just saw the following comment:

Have you tried to add --efidisk-only option to search?

Does chainloader work when using direct block device path instead of md path? (something like (hd0,gpt1)/EFI/redhat/grubx64.efi)?

Looks like that works, yes.

After pressing enter on ‘boot’, the host boots successfully.

This host is a Cisco UCS C240 M5SX. I haven’t found anything relating to quick boot/init for these servers other than relating to ESXi servers, but this is running RHEL 9.4.

SecureBoot is disabled.


At first glance --efidisk-only seems to work too.

Edit: I’ll test it again to be sure.

It worked again. --efidisk-only seems to be the solution.

I will add this to our template. Thank you!

Do you know if adding --efidisk-only breaks booting from other non-efi or non-software raid setups? Will I need an if statement detecting software-raid EFI and use --efidisk-only only there?

I don’t think this will break something.

Please mark the comment with the --efidisk-only option as solution so that others can find it quickly. Thanks.

I did! Thank you.
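
Added example, not part of the original thread and not Foreman or Red Hat code: the chainload template above has one `search` command per probed EFI path, so after adding `--efidisk-only` it is worth checking the rendered config for any `search` line that was missed. The function names and the sample config are constructed for illustration; the sample is modeled on the template pasted in the thread.

```shell
#!/bin/sh
# Audit a rendered GRUB2 chainload config for active "search --file" commands
# that lack --efidisk-only (the fix confirmed in this thread for an ESP on
# mdadm RAID1). All function names here are hypothetical.

# Print "LINENO: command" for every non-comment "search --file" line
# that does not carry --efidisk-only.
missing_efidisk_only() {
  awk '
    /^[ \t]*#/ { next }                      # ignore commented-out lines
    /^[ \t]*search[ \t]/ && /--file/ && !/--efidisk-only/ {
      sub(/^[ \t]+/, "")                     # drop indentation for the report
      printf "%d: %s\n", NR, $0
    }
  ' "$1"
}

# Number of active search commands still missing the flag.
count_missing() {
  missing_efidisk_only "$1" | wc -l | tr -d ' '
}

# Write a corrected copy to stdout. The input file is not modified, and
# comments and lines that already have the flag pass through unchanged.
with_efidisk_only() {
  awk '
    /^[ \t]*#/ { print; next }
    /^[ \t]*search[ \t]/ && /--file/ && !/--efidisk-only/ {
      sub(/search[ \t]+/, "search --efidisk-only ")
    }
    { print }
  ' "$1"
}

# Constructed sample: a shortened chainload menuentry with one unpatched
# search, one patched search and one commented-out search.
write_sample() {
  cat > "$1" <<'EOF'
insmod part_gpt
insmod fat
insmod chain
connectefi scsi
menuentry 'Chainload Grub2 EFI from ESP' --id local_chain_hd0 {
  unset chroot
  # add --efidisk-only when using Software RAID
  search --file --no-floppy --set=chroot /EFI/redhat/shim.efi
  if [ -f ($chroot)/EFI/redhat/shim.efi ]; then
    chainloader ($chroot)/EFI/redhat/shim.efi
    boot
  fi
  unset chroot
  search --file --no-floppy --efidisk-only --set=chroot /EFI/redhat/grubx64.efi
  if [ -f ($chroot)/EFI/redhat/grubx64.efi ]; then
    chainloader ($chroot)/EFI/redhat/grubx64.efi
    boot
  fi
  # search --file --no-floppy --set=chroot /EFI/centos/shim.efi
}
EOF
}

# Demo run on the constructed sample.
cfg=$(mktemp)
write_sample "$cfg"
echo "search commands missing --efidisk-only:"
missing_efidisk_only "$cfg"
echo "after patching: $(with_efidisk_only "$cfg" > "$cfg.new"; count_missing "$cfg.new") missing"
rm -f "$cfg" "$cfg.new"
```

To check a real host, pass the rendered file (for example the `/var/lib/tftpboot/grub2/grub.cfg-01-...` file shown above) to `missing_efidisk_only`, and make the actual change in the template that file is rendered from.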