UEFI boot entry referencing /boot/efi/EFI/almalinux/shimx64.efi doesn't get created

[cschug]

On UEFI hardware as of rev. c545a5b, almalinux-deploy.sh doesn't handle the changed boot loader path /boot/efi/EFI/almalinux/. When migrating from CentOS to AlmaLinux this wasn't an issue up to AlmaLinux 8.3-rc where the path was still /boot/efi/EFI/centos/ but it is now with the final release as no new UEFI boot entry gets created. If one reboots after running almalinux-deploy.sh, UEFI systems won't come up again.

it's a bit late today for me to come up with a fully tested PR, but the basic idea for UEFI systems would be something like

# Determine the UUID of the file system currently mounted at /boot/efi
boot_efi_uuid=`lsblk -no PARTUUID,MOUNTPOINT | awk '$2 == "/boot/efi" { print $1 }'`

# Get all bootnum IDs referencing the currently mounted /boot/efi and remove those entries
efibootmgr -v | awk -F '\t' -v boot_efi_uuid="$boot_efi_uuid" '$1 ~ /^Boot[0-9A-F]{4}/ && match($2, ",GPT,"boot_efi_uuid",") { print substr($1, 5, 4) }' | \
while read boot_entry; do
    efibootmgr -q -b "$boot_entry" -B
done

# Create a new boot entry with label AlmaLinux referencing our shimx64.efi
efibootmgr -c -L AlmaLinux -l '\EFI\almalinux\shimx64.efi'

[andrewlukoshko]

Hello!
Sure updating boot entries is something we would like to have so we'll wait for your PR.

However are you sure the systems won't come up again after reboot? Is updating boot entries mandatory?
Our testing shows UEFI firmware finds bootloader even if there is no boot entry with path to it.
I believe it finds /boot/efi/EFI/BOOT/BOOTX64.EFI which is actually a shimx64.efi with another filename and location.

The only thing we had to do is to place grub configuration to new location:

almalinux-deploy/almalinux-deploy.sh

Line 325 in c545a5b

grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg

In Oracle's centos2ol conversion script we can see quite similar lines:
https://github.com/oracle/centos2ol/blob/930ac724e669bf39b2159006eb8437040ea6fef3/centos2ol.sh#L567
CentOS has centos efidir and OL has redhat so they have the same problem but still do nothing with boot entries.

So I'm not sure that current almalinux-deploy.sh really breaks systems but I'm sure everyone would definitely like to see correct boot entries after migration so thank you for your proposal.
I'll try to test it too.

[cschug]

Hi Andrew, I'm a little bit short of time today for a detailed response because of Easter and I'm driving over to my family (Happy Easter! BTW). But to be clear, without adjusting the boot record my UEFI test systems doesn't come up running almalinux-deploy.sh and rebooting. I left a comment on Reddit yesterday. I will follow up tomorrow, thanks for your reply.

[cschug]

Sorry for coming back so late, the week has just been very busy. To reproduce, I just did again a fresh installation of CentOS 8.3 (PXE boot Kickstart from a as of today up-to-date local mirror) on real UEFI hardware (no VM, it's a Fujitsu Esprimo Q920).

Hardware details:

# grep ^ /sys/devices/virtual/dmi/id/{sys_vendor,product_name,bios_{vendor,version},board_name}
/sys/devices/virtual/dmi/id/sys_vendor:FUJITSU
/sys/devices/virtual/dmi/id/product_name:ESPRIMO Q920
/sys/devices/virtual/dmi/id/bios_vendor:FUJITSU // American Megatrends Inc.
/sys/devices/virtual/dmi/id/bios_version:V4.6.5.4 R1.46.0 for D3233-A1x
/sys/devices/virtual/dmi/id/board_name:D3233-A1

This is the content of /boot/ directly after the installation of CentOS 8.3:

# find /boot/ -ls
      128      4 dr-xr-xr-x   5  root     root         4096 Apr 11 11:54 /boot/
        1      4 drwx------   3  root     root         4096 Jan  1  1970 /boot/efi
        4      4 drwx------   4  root     root         4096 Apr 11 11:49 /boot/efi/EFI
        7      4 drwx------   2  root     root         4096 Apr 11 11:50 /boot/efi/EFI/BOOT
       22   1216 -rwx------   1  root     root      1244496 Aug  1  2020 /boot/efi/EFI/BOOT/BOOTX64.EFI
       23    356 -rwx------   1  root     root       362264 Aug  1  2020 /boot/efi/EFI/BOOT/fbx64.efi
       10      4 drwx------   3  root     root         4096 Apr 11 11:53 /boot/efi/EFI/centos
       31   1212 -rwx------   1  root     root      1238416 Aug  1  2020 /boot/efi/EFI/centos/shimx64-centos.efi
       32      4 -rwx------   1  root     root          134 Aug  1  2020 /boot/efi/EFI/centos/BOOTX64.CSV
       33   1136 -rwx------   1  root     root      1162400 Aug  1  2020 /boot/efi/EFI/centos/mmx64.efi
       19      4 drwx------   2  root     root         4096 Mar  2 21:51 /boot/efi/EFI/centos/fonts
       34   1860 -rwx------   1  root     root      1902360 Mar  2 21:51 /boot/efi/EFI/centos/grubx64.efi
       35      4 -rwx------   1  root     root         1024 Apr 11 11:53 /boot/efi/EFI/centos/grubenv
       36   1216 -rwx------   1  root     root      1244496 Aug  1  2020 /boot/efi/EFI/centos/shimx64.efi
       37      8 -rwx------   1  root     root         6635 Apr 11 11:53 /boot/efi/EFI/centos/grub.cfg
  1048704      0 drwx------   2  root     root           21 Apr 11 11:53 /boot/grub2
  1048705      0 lrwxrwxrwx   1  root     root           25 Mar  2 21:51 /boot/grub2/grubenv -> ../efi/EFI/centos/grubenv
  2117760      0 drwxr-xr-x   3  root     root           21 Apr 11 11:50 /boot/loader
  3145856      0 drwx------   2  root     root          134 Apr 11 11:52 /boot/loader/entries
  3145857      4 -rw-r--r--   1  root     root          351 Apr 11 11:52 /boot/loader/entries/5bb2ffb1e33246d9be2955711d531c63-4.18.0-240.22.1.el8_3.x86_64.conf
  3145859      4 -rw-r--r--   1  root     root          388 Apr 11 11:52 /boot/loader/entries/5bb2ffb1e33246d9be2955711d531c63-0-rescue.conf
      132   9264 -rwxr-xr-x   1  root     root      9485448 Apr  8 21:09 /boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64
      133   3944 -rw-------   1  root     root      4034919 Apr  8 21:09 /boot/System.map-4.18.0-240.22.1.el8_3.x86_64
      134    188 -rw-r--r--   1  root     root       189466 Apr  8 21:09 /boot/config-4.18.0-240.22.1.el8_3.x86_64
      135      4 -rw-r--r--   1  root     root          173 Apr  8 21:09 /boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac
      136  33584 -rw-------   1  root     root     34389279 Apr 11 11:53 /boot/initramfs-4.18.0-240.22.1.el8_3.x86_64.img
      137   9264 -rwxr-xr-x   1  root     root      9485448 Apr 11 11:51 /boot/vmlinuz-0-rescue-5bb2ffb1e33246d9be2955711d531c63
      138  74204 -rw-------   1  root     root     75983345 Apr 11 11:52 /boot/initramfs-0-rescue-5bb2ffb1e33246d9be2955711d531c63.img
      139  19228 -rw-------   1  root     root     19685958 Apr 11 11:54 /boot/initramfs-4.18.0-240.22.1.el8_3.x86_64kdump.img

As you stated, /boot/efi/EFI/BOOT/BOOTX64.EFI is indeed a copy of /boot/efi/EFI/centos/shimx64.efi with identical content:

# sha512sum /boot/efi/EFI/BOOT/BOOTX64.EFI /boot/efi/EFI/centos/shimx64.efi
35c1aff3c70e2785267de2bcfb2b03068f450105f39c1a28fec40321293c604922a69546699ad486a51d74c16c352c4428bdd7c9e50ce3e63c36c2395a17386c  /boot/efi/EFI/BOOT/BOOTX64.EFI
35c1aff3c70e2785267de2bcfb2b03068f450105f39c1a28fec40321293c604922a69546699ad486a51d74c16c352c4428bdd7c9e50ce3e63c36c2395a17386c  /boot/efi/EFI/centos/shimx64.efi

Nevertheless, it is /boot/EFI/centos/shimx64.efi which gets referenced in the EFI boot entries (this record has been added during Kickstart by Anaconda as specified per bootloader directive):

# lsblk -no PARTUUID,MOUNTPOINT | awk '$2 == "/boot/efi" { print $1 }'
9ad1157f-6e7c-4487-b2c5-f29860db86a5

# efibootmgr -v
BootCurrent: 0003
Timeout: 1 seconds
BootOrder: 0003,0001,0000
Boot0000* Diagnostic Program    MemoryMapped(11,0xcac20004,0xcb538003)/FvFile(6f1cf8df-2398-4b3b-aaa6-35d97d4a76e9)
Boot0001* UEFI: IP4 Intel(R) Ethernet Connection I217-LM        PciRoot(0x0)/Pci(0x19,0x0)/MAC(901b0e1fef8d,0)/IPv4(0.0.0.00.0.0.0,0,0)..BO
Boot0003* CentOS Linux  HD(1,GPT,9ad1157f-6e7c-4487-b2c5-f29860db86a5,0x800,0x100000)/File(\EFI\centos\shimx64.efi)

As the development of almalinux-deploy.sh and we don't have to do any guessing which revision we are talking about, I pick the version of the latest (as of now) revision, which is 68f579d:

# curl -sO https://raw.githubusercontent.com/AlmaLinux/almalinux-deploy/68f579d/almalinux-deploy.sh

# sha512sum almalinux-deploy.sh 
70ad40a4236fe016135c66b4db00228886b56f15b634acc76cb02b36dfedb9391c3ec422e82523470788414208504a3333550429447630cac3ee1b64f6197655  almalinux-deploy.sh

# bash ./almalinux-deploy.sh 
Check root privileges                                                 OK
Check Secure Boot disabled                                            OK
Check centos-8.x86_64 is supported                                    OK
Download RPM-GPG-KEY-AlmaLinux                                        OK
Import RPM-GPG-KEY-AlmaLinux to RPM DB                                OK
Download almalinux-release package                                    OK
Verify almalinux-release package                                      OK
warning: /etc/yum.repos.d/CentOS-Linux-Sources.repo saved as /etc/yum.repos.d/CentOS-Linux-Sources.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-PowerTools.repo saved as /etc/yum.repos.d/CentOS-Linux-PowerTools.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-Plus.repo saved as /etc/yum.repos.d/CentOS-Linux-Plus.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-Media.repo saved as /etc/yum.repos.d/CentOS-Linux-Media.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-HighAvailability.repo saved as /etc/yum.repos.d/CentOS-Linux-HighAvailability.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-FastTrack.repo saved as /etc/yum.repos.d/CentOS-Linux-FastTrack.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-Extras.repo saved as /etc/yum.repos.d/CentOS-Linux-Extras.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-Devel.repo saved as /etc/yum.repos.d/CentOS-Linux-Devel.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-Debuginfo.repo saved as /etc/yum.repos.d/CentOS-Linux-Debuginfo.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-ContinuousRelease.repo saved as /etc/yum.repos.d/CentOS-Linux-ContinuousRelease.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-BaseOS.repo saved as /etc/yum.repos.d/CentOS-Linux-BaseOS.repo.rpmsave
warning: /etc/yum.repos.d/CentOS-Linux-AppStream.repo saved as /etc/yum.repos.d/CentOS-Linux-AppStream.repo.rpmsave
Remove centos-linux-release package                                   OK
Remove centos-gpg-keys package                                        OK
Remove centos-linux-repos package                                     OK
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:almalinux-release-8.3-4.el8      ################################# [100%]
Install almalinux-release package                                     OK
Remove centos-indexhtml package                                       OK
Install almalinux-indexhtml package                                   OK
Last metadata expiration check: 0:00:03 ago on Sun 11 Apr 2021 01:39:58 PM CEST.
Dependencies resolved.
[...]
  Cleanup          : glibc-common-2.28-127.el8.x86_64                                                                                                                                         80/81 
  Cleanup          : libgcc-8.3.1-5.1.el8.x86_64                                                                                                                                              81/81 
  Running scriptlet: libgcc-8.3.1-5.1.el8.x86_64                                                                                                                                              81/81 
  Running scriptlet: grub2-efi-x64-1:2.02-90.el8_3.1.alma.x86_64                                                                                                                              81/81 
Generating grub configuration file ...
Adding boot menu entry for EFI firmware configuration
done

  Running scriptlet: tuned-2.14.0-3.el8_3.2.noarch                                                                                                                                            81/81 
  Running scriptlet: libgcc-8.3.1-5.1.el8.x86_64                                                                                                                                              81/81 
  Running scriptlet: glibc-common-2.28-127.el8_3.2.x86_64                                                                                                                                     81/81 
  Verifying        : grub2-tools-efi-1:2.02-90.el8_3.1.alma.x86_64                                                                                                                             
[...]
  Verifying        : redhat-rpm-config-123-1.el8.alma.1.noarch                                                                                                                                78/81 
  Verifying        : redhat-rpm-config-123-1.el8.noarch                                                                                                                                       79/81 
  Verifying        : telnet-1:0.17-74.el8_3.1.x86_64                                                                                                                                          80/81 
  Verifying        : telnet-1:0.17-73.el8_1.1.x86_64                                                                                                                                          81/81 

Upgraded:
  NetworkManager-1:1.26.0-14.el8_3.x86_64                          NetworkManager-libnm-1:1.26.0-14.el8_3.x86_64                    NetworkManager-team-1:1.26.0-14.el8_3.x86_64                    
  NetworkManager-tui-1:1.26.0-14.el8_3.x86_64                      chrony-3.5-1.1.el8.x86_64                                        device-mapper-8:1.02.171-5.el8_3.2.x86_64                       
  device-mapper-libs-8:1.02.171-5.el8_3.2.x86_64                   efi-filesystem-3-2.el8.alma.1.noarch                             efi-srpm-macros-3-2.el8.alma.1.noarch                           
  glibc-2.28-127.el8_3.2.x86_64                                    glibc-common-2.28-127.el8_3.2.x86_64                             glibc-langpack-en-2.28-127.el8_3.2.x86_64                       
  grub2-common-1:2.02-90.el8_3.1.alma.noarch                       grub2-efi-x64-1:2.02-90.el8_3.1.alma.x86_64                      grub2-tools-1:2.02-90.el8_3.1.alma.x86_64                       
  grub2-tools-extra-1:2.02-90.el8_3.1.alma.x86_64                  grub2-tools-minimal-1:2.02-90.el8_3.1.alma.x86_64                kexec-tools-2.0.20-34.el8_3.2.x86_64                            
  kmod-25-16.el8_3.1.x86_64                                        kmod-libs-25-16.el8_3.1.x86_64                                   libdnf-0.48.0-5.el8.alma.x86_64                                 
  libgcc-8.3.1-5.1.el8.alma.x86_64                                 libgomp-8.3.1-5.1.el8.alma.x86_64                                libreport-filesystem-2.9.5-15.el8.alma.1.x86_64                 
  libstdc++-8.3.1-5.1.el8.alma.x86_64                              perl-Encode-Locale-1.05-10.module_el8.3.0+2091+9eecfe51.noarch   perl-IO-Socket-SSL-2.066-4.module_el8.3.0+2086+72f2d257.noarch  
  perl-Mozilla-CA-20160104-7.module_el8.3.0+2091+9eecfe51.noarch   perl-Net-SSLeay-1.88-1.module_el8.3.0+2086+72f2d257.x86_64       platform-python-3.6.8-31.el8.alma.x86_64                        
  python3-hawkey-0.48.0-5.el8.alma.x86_64                          python3-libdnf-0.48.0-5.el8.alma.x86_64                          python3-libs-3.6.8-31.el8.alma.x86_64                           
  python3-syspurpose-1.27.18-1.el8_3.alma.1.x86_64                 redhat-rpm-config-123-1.el8.alma.1.noarch                        selinux-policy-3.14.3-54.el8_3.3.noarch
  selinux-policy-targeted-3.14.3-54.el8_3.3.noarch                 shim-x64-15-16.el8.alma.1.x86_64                                 telnet-1:0.17-74.el8_3.1.x86_64
  tuned-2.14.0-3.el8_3.2.noarch

Installed:
  grub2-tools-efi-1:2.02-90.el8_3.1.alma.x86_64

Complete!
Run dnf distro-sync -y                                                OK

After the migration the situation in /boot/ is like this: The new /boot/efi/EFI/almalinux/ has been provided, all files in /boot/efi/EFI/centos/ which were part of a package had been removed (as expected; maybe almalinux-deploy.sh should just remove/shred the now obsolete remainings as well):

# find /boot/ -ls
      128      4 dr-xr-xr-x   5  root     root         4096 Apr 11 11:54 /boot/
        1      4 drwx------   3  root     root         4096 Mar 15 14:27 /boot/efi
        4      4 drwx------   5  root     root         4096 Mar 15 14:27 /boot/efi/EFI
        7      4 drwx------   2  root     root         4096 Apr 11 13:40 /boot/efi/EFI/BOOT
       39   1212 -rwx------   1  root     root      1237503 Mar 15 19:44 /boot/efi/EFI/BOOT/BOOTX64.EFI
       40    356 -rwx------   1  root     root       362968 Mar 15 19:44 /boot/efi/EFI/BOOT/fbx64.efi
       10      4 drwx------   2  root     root         4096 Apr 11 13:41 /boot/efi/EFI/centos
       35      4 -rwx------   1  root     root         1024 Apr 11 11:53 /boot/efi/EFI/centos/grubenv
       37      8 -rwx------   1  root     root         6635 Apr 11 11:53 /boot/efi/EFI/centos/grub.cfg
       38      4 drwx------   3  root     root         4096 Apr 11 13:41 /boot/efi/EFI/almalinux
       43   1212 -rwx------   1  root     root      1240144 Mar 15 19:44 /boot/efi/EFI/almalinux/shimx64-almalinux.efi
       41      4 -rwx------   1  root     root          122 Mar 15 19:44 /boot/efi/EFI/almalinux/BOOTX64.CSV
       42   1144 -rwx------   1  root     root      1171320 Mar 15 19:44 /boot/efi/EFI/almalinux/mmx64.efi
       45      4 drwx------   2  root     root         4096 Mar 15 19:28 /boot/efi/EFI/almalinux/fonts
       46   1856 -rwx------   1  root     root      1900112 Mar 15 19:28 /boot/efi/EFI/almalinux/grubx64.efi
       47      4 -rwx------   1  root     root         1024 Apr 11 13:41 /boot/efi/EFI/almalinux/grubenv
       44   1212 -rwx------   1  root     root      1237503 Mar 15 19:44 /boot/efi/EFI/almalinux/shimx64.efi
       49      8 -rwx------   1  root     root         6635 Apr 11 13:41 /boot/efi/EFI/almalinux/grub.cfg
  1048704      0 drwx------   2  root     root           21 Apr 11 13:41 /boot/grub2
  1048706      0 lrwxrwxrwx   1  root     root           28 Mar 15 19:28 /boot/grub2/grubenv -> ../efi/EFI/almalinux/grubenv
  2117760      0 drwxr-xr-x   3  root     root           21 Apr 11 11:50 /boot/loader
  3145856      0 drwx------   2  root     root          134 Mar 15 19:28 /boot/loader/entries
  3145857      4 -rw-r--r--   1  root     root          351 Apr 11 11:52 /boot/loader/entries/5bb2ffb1e33246d9be2955711d531c63-4.18.0-240.22.1.el8_3.x86_64.conf
  3145859      4 -rw-r--r--   1  root     root          388 Apr 11 11:52 /boot/loader/entries/5bb2ffb1e33246d9be2955711d531c63-0-rescue.conf
      132   9264 -rwxr-xr-x   1  root     root      9485448 Apr  8 21:09 /boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64
      133   3944 -rw-------   1  root     root      4034919 Apr  8 21:09 /boot/System.map-4.18.0-240.22.1.el8_3.x86_64
      134    188 -rw-r--r--   1  root     root       189466 Apr  8 21:09 /boot/config-4.18.0-240.22.1.el8_3.x86_64
      135      4 -rw-r--r--   1  root     root          173 Apr  8 21:09 /boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac
      136  33584 -rw-------   1  root     root     34389279 Apr 11 11:53 /boot/initramfs-4.18.0-240.22.1.el8_3.x86_64.img
      137   9264 -rwxr-xr-x   1  root     root      9485448 Apr 11 11:51 /boot/vmlinuz-0-rescue-5bb2ffb1e33246d9be2955711d531c63
      138  74204 -rw-------   1  root     root     75983345 Apr 11 11:52 /boot/initramfs-0-rescue-5bb2ffb1e33246d9be2955711d531c63.img
      139  19228 -rw-------   1  root     root     19687077 Apr 11 13:40 /boot/initramfs-4.18.0-240.22.1.el8_3.x86_64kdump.img

Again /boot/efi/EFI/BOOT/BOOTX64.EFI is an indentical copy of the real shimx64.efi:

# sha512sum /boot/efi/EFI/BOOT/BOOTX64.EFI /boot/efi/EFI/almalinux/shimx64.efi
8f9589d58ed0832700f8284038989fba6d340928a11e001ae68f60d63ca099a40b0f90ed31c7686e08bb33dacfed10341d57d17b8b5a49d1d1653c6a63c82a85  /boot/efi/EFI/BOOT/BOOTX64.EFI
8f9589d58ed0832700f8284038989fba6d340928a11e001ae68f60d63ca099a40b0f90ed31c7686e08bb33dacfed10341d57d17b8b5a49d1d1653c6a63c82a85  /boot/efi/EFI/almalinux/shimx64.efi

But looking at the EFI entries it all doesn't really matter, because the active record is still the CentOS one (with the files removed) and no new entry for AlmaLinux:

# efibootmgr -v
BootCurrent: 0003
Timeout: 1 seconds
BootOrder: 0003,0001,0000
Boot0000* Diagnostic Program    MemoryMapped(11,0xcac20004,0xcb538003)/FvFile(6f1cf8df-2398-4b3b-aaa6-35d97d4a76e9)
Boot0001* UEFI: IP4 Intel(R) Ethernet Connection I217-LM        PciRoot(0x0)/Pci(0x19,0x0)/MAC(901b0e1fef8d,0)/IPv4(0.0.0.00.0.0.0,0,0)..BO
Boot0003* CentOS Linux  HD(1,GPT,9ad1157f-6e7c-4487-b2c5-f29860db86a5,0x800,0x100000)/File(\EFI\centos\shimx64.efi)

So I am really, really wondering how this should work. During an initial installation of the operating system, it's Anaconda which takes care of creating relevant boot entries, but this isn't the case with the migration script. There is also no RPM package which handles this as part of some embedded script: The only two RPMs which are doing something with efi are grub2-efi-x64-1:2.02-90.el8_3.1.alma.x86_64 and grub2-efi-x64-1:2.02-90.el8_3.1.alma.x86_64 but those aren't dealing with UEFI boot entries:

# rpm -qa --qf '%{NEVRA}\n' | while read rpm; do rpm_scripts=$(rpm -q --scripts -- "$rpm"); grep -qi -e '\befi' <<<"$rpm_scripts" && printf '\n---> %s\n\n%s\n' "$rpm" "$rpm_scripts"; done

---> grub2-tools-1:2.02-90.el8_3.1.alma.x86_64

preinstall scriptlet (using /bin/sh):
if [ -f /boot/grub2/user.cfg ]; then
    if grep -q '^GRUB_PASSWORD=' /boot/grub2/user.cfg ; then
        sed -i 's/^GRUB_PASSWORD=/GRUB2_PASSWORD=/' /boot/grub2/user.cfg
    fi
elif [ -f /boot/efi/EFI/almalinux/user.cfg ]; then
    if grep -q '^GRUB_PASSWORD=' /boot/efi/EFI/almalinux/user.cfg ; then
        sed -i 's/^GRUB_PASSWORD=/GRUB2_PASSWORD=/' \
            /boot/efi/EFI/almalinux/user.cfg
    fi
elif [ -f /etc/grub.d/01_users ] && \
        grep -q '^password_pbkdf2 root' /etc/grub.d/01_users ; then
    if [ -f /boot/efi/EFI/almalinux/grub.cfg ]; then
        # on EFI we don't get permissions on the file, but
        # the directory is protected.
        grep '^password_pbkdf2 root' /etc/grub.d/01_users | \
                sed 's/^password_pbkdf2 root \(.*\)$/GRUB2_PASSWORD=\1/' \
            > /boot/efi/EFI/almalinux/user.cfg
    fi
    if [ -f /boot/grub2/grub.cfg ]; then
        install -m 0600 /dev/null /boot/grub2/user.cfg
        chmod 0600 /boot/grub2/user.cfg
        grep '^password_pbkdf2 root' /etc/grub.d/01_users | \
                sed 's/^password_pbkdf2 root \(.*\)$/GRUB2_PASSWORD=\1/' \
            > /boot/grub2/user.cfg
    fi
fi
postinstall scriptlet (using /bin/sh):
if [ "$1" = 1 ]; then
        /sbin/install-info --info-dir=/usr/share/info /usr/share/info/grub2.info.gz || :
        /sbin/install-info --info-dir=/usr/share/info /usr/share/info/grub2-dev.info.gz || :
fi

if [ "$1" = 2 ]; then
        /sbin/grub2-switch-to-blscfg --backup-suffix=.rpmsave &>/dev/null || :
fi
preuninstall scriptlet (using /bin/sh):
if [ "$1" = 0 ]; then
        /sbin/install-info --delete --info-dir=/usr/share/info /usr/share/info/grub2.info.gz || :
        /sbin/install-info --delete --info-dir=/usr/share/info /usr/share/info/grub2-dev.info.gz || :
fi

---> grub2-efi-x64-1:2.02-90.el8_3.1.alma.x86_64

posttrans scriptlet (using /bin/sh):
if [ -d /sys/firmware/efi ] && [ ! -f /boot/efi/EFI/almalinux/grub.cfg ]; then
    grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg || :
fi

That's the reason why I think we are missing something really important here and I would be very surprised it this works for anybody on UEFI hardware.

If I now reboot the machine, of course it doesn't come up again (no valid boot loader found). I actually did, it's just a test box.

[OliverKellyATech]

Thanks for your work on this one @cschug ; we appear to be having a similar EFI issue on a PROD VM server. Unfortunately, the server was mistaking created with EFI enabled instead of legacy BIOS mode, due to a VMware default which was not picked up by our team.

The VM is running CloudLinux release 8.3 (Pavel Belyayev), but is actually a converted AlmaLinux 8.3 install, running WHM+cPanel. Everything works fine from a WHM+cPanel perspective; however, the /boot/efi partition is similarly messy:

# cat /etc/redhat-release 
CloudLinux release 8.3 (Pavel Belyayev)
# uname -a
Linux cp-aqq.atech.host 4.18.0-147.8.1.el8.lve.1.x86_64 #1 SMP Mon Jun 29 09:55:57 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux
# efibootmgr -v
BootCurrent: 0004
BootOrder: 0004,0000,0001,0003,0002
Boot0000* EFI Virtual disk (0.0)	PciRoot(0x0)/Pci(0x15,0x0)/Pci(0x0,0x0)/SCSI(0,0)
Boot0001* EFI VMware Virtual SATA CDROM Drive (0.0)	PciRoot(0x0)/Pci(0x11,0x0)/Pci(0x1,0x0)/Sata(0,0,0)
Boot0002* EFI Network	PciRoot(0x0)/Pci(0x16,0x0)/Pci(0x0,0x0)/MAC(005056bf703e,1)
Boot0003* EFI Internal Shell (Unsupported option)	MemoryMapped(11,0xcb2e000,0xcf9afff)/FvFile(c57ad6b7-0515-40a8-9d21-551652854e37)
Boot0004* AlmaLinux	HD(1,GPT,337c0528-08bc-4ee7-80bb-396bb04de384,0x800,0x200000)/File(\EFI\almalinux\shimx64.efi)
# find /boot/ -ls
      131      4 dr-xr-xr-x   5  root     root         4096 Apr 12 12:16 /boot/
        1      4 drwx------   3  root     root         4096 Aug 20  2020 /boot/efi
        7      4 drwx------   5  root     root         4096 Aug 20  2020 /boot/efi/EFI
       16      4 drwx------   2  root     root         4096 Apr 23 04:54 /boot/efi/EFI/BOOT
       17   1208 -rwx------   1  root     root      1236479 Nov 30 21:29 /boot/efi/EFI/BOOT/BOOTX64.EFI
       19    356 -rwx------   1  root     root       362568 Nov 30 21:29 /boot/efi/EFI/BOOT/fbx64.efi
        8      4 drwx------   2  root     root         4096 Apr 23 04:54 /boot/efi/EFI/almalinux
       13      8 -rwx------   1  root     root         6558 Apr 12 11:51 /boot/efi/EFI/almalinux/grub.cfg
        9      4 -rwx------   1  root     root         1024 Apr 12 12:08 /boot/efi/EFI/almalinux/grubenv
       12      4 drwx------   3  root     root         4096 Apr 23 04:54 /boot/efi/EFI/centos
       14      4 drwx------   2  root     root         4096 Apr 22 17:46 /boot/efi/EFI/centos/fonts
       23   1212 -rwx------   1  root     root      1239232 Nov 30 21:29 /boot/efi/EFI/centos/shimx64-cloudlinux.efi
       15   1852 -rwx------   1  root     root      1893248 Apr 22 17:46 /boot/efi/EFI/centos/grubx64.efi
       21      4 -rwx------   1  root     root          130 Nov 30 21:29 /boot/efi/EFI/centos/BOOTX64.CSV
       22   1144 -rwx------   1  root     root      1170408 Nov 30 21:29 /boot/efi/EFI/centos/mmx64.efi
       24   1208 -rwx------   1  root     root      1236479 Nov 30 21:29 /boot/efi/EFI/centos/shimx64.efi
100680029      0 drwx------   2  root     root           21 Apr 23 04:53 /boot/grub2
102047999      0 lrwxrwxrwx   1  root     root           28 Apr 22 17:46 /boot/grub2/grubenv -> /boot/efi/EFI/centos/grubenv
 67896356      0 drwxr-xr-x   3  root     root           21 Apr 12 11:23 /boot/loader
101144586      0 drwx------   2  root     root          278 Apr 22 17:46 /boot/loader/entries
101215453      4 -rw-r--r--   1  root     root          326 Apr 12 11:24 /boot/loader/entries/c1b60b5e1bc64be7b4ae0f6ee1cfba53-4.18.0-240.el8.x86_64.conf
101215454      4 -rw-r--r--   1  root     root          388 Apr 12 11:24 /boot/loader/entries/c1b60b5e1bc64be7b4ae0f6ee1cfba53-0-rescue.conf
101144743      4 -rw-r--r--   1  root     root          378 Apr 12 11:34 /boot/loader/entries/c1b60b5e1bc64be7b4ae0f6ee1cfba53-4.18.0-240.22.1.el8_3.x86_64.conf
102513329      4 -rw-r--r--   1  root     root          404 Apr 12 12:09 /boot/loader/entries/c1b60b5e1bc64be7b4ae0f6ee1cfba53-4.18.0-147.8.1.el8.lve.1.x86_64.conf
   176158   9292 -rwxr-xr-x   1  root     root      9511872 Jan 15 19:52 /boot/vmlinuz-4.18.0-240.el8.x86_64
   414874   3940 -rw-------   1  root     root      4032815 Jan 15 19:52 /boot/System.map-4.18.0-240.el8.x86_64
   414875    188 -rw-r--r--   1  root     root       189494 Jan 15 19:52 /boot/config-4.18.0-240.el8.x86_64
   414876      4 -rw-r--r--   1  root     root          166 Jan 15 19:50 /boot/.vmlinuz-4.18.0-240.el8.x86_64.hmac
   566883  30308 -rw-------   1  root     root     31033796 Apr 12 11:25 /boot/initramfs-4.18.0-240.el8.x86_64.img
   414877   9292 -rwxr-xr-x   1  root     root      9511872 Apr 12 11:24 /boot/vmlinuz-0-rescue-c1b60b5e1bc64be7b4ae0f6ee1cfba53
   683986  57120 -rw-------   1  root     root     58487282 Apr 12 11:24 /boot/initramfs-0-rescue-c1b60b5e1bc64be7b4ae0f6ee1cfba53.img
   177024  18884 -rw-------   1  root     root     19336624 Apr 12 11:27 /boot/initramfs-4.18.0-240.el8.x86_64kdump.img
     2600   9264 -rwxr-xr-x   1  root     root      9483200 Apr  9 22:06 /boot/vmlinuz-4.18.0-240.22.1.el8_3.x86_64
    25691   3944 -rw-------   1  root     root      4034919 Apr  9 22:05 /boot/System.map-4.18.0-240.22.1.el8_3.x86_64
   175977    188 -rw-r--r--   1  root     root       189466 Apr  9 22:05 /boot/config-4.18.0-240.22.1.el8_3.x86_64
   176668      0 -rw-r--r--   1  root     root            0 Apr  9 22:01 /boot/.vmlinuz-4.18.0-240.22.1.el8_3.x86_64.hmac
   178168  28276 -rw-------   1  root     root     28952817 Apr 12 11:34 /boot/initramfs-4.18.0-240.22.1.el8_3.x86_64.img
   175982  18872 -rw-------   1  root     root     19322128 Apr 12 11:35 /boot/initramfs-4.18.0-240.22.1.el8_3.x86_64kdump.img
      147   7924 -rwxr-xr-x   1  root     root      8111208 Jun 30  2020 /boot/vmlinuz-4.18.0-147.8.1.el8.lve.1.x86_64
  1352451   3756 -rw-------   1  root     root      3842589 Jun 30  2020 /boot/System.map-4.18.0-147.8.1.el8.lve.1.x86_64
  1352452    184 -rw-r--r--   1  root     root       184937 Jun 30  2020 /boot/config-4.18.0-147.8.1.el8.lve.1.x86_64
  1554648      4 -rw-r--r--   1  root     root          176 Jun 30  2020 /boot/.vmlinuz-4.18.0-147.8.1.el8.lve.1.x86_64.hmac
  1554649  28156 -rw-------   1  root     root     28830185 Apr 12 12:09 /boot/initramfs-4.18.0-147.8.1.el8.lve.1.x86_64.img
     2682  21552 -rw-------   1  root     root     22066098 Apr 14 08:38 /boot/initramfs-4.18.0-147.8.1.el8.lve.1.x86_64kdump.img
# ls -l /etc/ | grep grub.cfg
lrwxrwxrwx   1 root       root           31 Apr 22 17:46 grub2-efi.cfg -> ../boot/efi/EFI/centos/grub.cfg

As you can see:

• The EFI boot entry is pointin to \EFI\almalinux\shimx64.efi
• All the .efi files are actually under /boot/efi/EFI/centos/
• The grub.cfg is under /boot/efi/EFI/almalinux/grub.cfg
• The /etc/grub2-efi.cfg symlink is pointing to ../boot/efi/EFI/centos/grub.cfg, which does not exist

We are now in the precarious situation that we can not reboot the VM, as grub will fail to find the images to boot.

Before finding this bug report we have attempted several fixes using grub2-install and grub2-mkconfig, to no effect. We have a running VM snapshot we can roll back to when testing, but that is not really sufficient for a PROD workload.

Any assistance on this issue would be greatly appreciated.

[cschanzlenist]

Hi - on my first test system of using the deployment script, I too fell into this issue: unbootable system.

Most Dell systems should have this issue since the BIOS creates bootmanager entries for CentOS referencing \EFI\centos\shimx64.efi. Since those files are moved/removed and efibootmgr is not used to create a new boot path, the system failed to boot (failed to PXE booting).

I was able to visit the BIOS Setup and create a new 'alma' boot entry and it was easy to follow the path to EFI\almalinux\shimx64.efi. But surely, this should be automated with the deployment script.

Next time I will also log all the output, but that too could be something the script could do itself. I'll dive into this more as time permits.

[zackfuchtel]

Nice Bug. I stumbled over this today. Thanks for pointing out the problem. Changed boot path in Dell Bios to EFI\almalinux\shimx64.efi and machine ist starting up again.

[gruesomehit]

I had switched to Almalinux from Centos 8 before with no issues before at my work. The environment was VM with no EFI boot. Sadly, at home, I have also a NUC with a UEFI boot. So, when I used again the script after I rebooted, the server stuck on the boot. Here are my steps if somebody would have the same issue.

• I booted my NUC using a USB with Super Grub2 Disk. Once started, among the different options I choose \EFI\almalinux\shimx64.efi and the system booted normally.
• I run sudo efibootmgr -c -b 0003 -L AlmaLinux -l \\EFI\\almalinux\\shimx64.efi and now always boot correctly.

With efibootmgr -v you can see all the entries and disable or delete which references the old Centos installation.

[andrewlukoshko]

Update for almalinux-deploy.sh was just pushed and now it creates boot entry for AlmaLinux.

[fwarnke]

Seems to have solved the issues I was having with CentOS v8 UEFI systems. Thanks.