FOG Exiting to Shim UEFI Key Management

george1421

@novaholic said in FOG Exiting to Shim UEFI Key Management:

/boot/efi/EFI/BOOT/BOOTX64.EFI

Well that’s a bit unexpected. You may have to update the refind.conf file in /var/www/html/fog/service/ipxe directory to search more places, specifically the path you cited above.

novaholic

@george1421
I added this block to refind.conf and rebooted the FOG server but it did not change the behavior.

menuentry CentOS {
    loader /boot/efi/EFI/BOOT/BOOTX64.EFI
    enabled
}

I copied the BOOTX64.EFI file to /boot/efi/ but that didn’t change anything either.

george1421

@novaholic That is not the right answer since the menu will not be displayed unless you turn it on. There should be an additional search path parameter where you can tell refind to search additional paths.

novaholic

@george1421
Gotcha, I removed the menu entry and added this line instead:

also_scan_dirs /boot/efi/EFI/BOOT

I verified that the change I made to the file was saved by navigating to: http://<FOG_IP>/fog/service/ipxe/refind.conf

The behavior is still the same, CentOS is still failing to exit the FOG menu properly.

george1421

@novaholic I guess I need to find time to build a centos vm to see the exact layout of the disks. I’ll create one with physical partitions and not LVM because that how you are doing it. There has to be something missing here…

novaholic

@george1421 Thank you, I appreciate it. Let me know if you need any other configuration information

novaholic

@george1421 I think I may have found a workaround, I’m not sure what ill-effects it may have yet.

While testing the CentOS image on a physical host I noticed it was able to boot fine using grubx64.efi
This file is located at /boot/efi/EFI/centos on my machine

In the refind.conf file I added two lines:

also_scan_dirs /boot/efi/EFI/centos
dont_scan_files mmx64.efi,MokManager.efi,shim.efi,shimx64-centos.efi,shimx64.efi

Basically these two lines say, also search the centos folder for boot files and ignore every .efi file listed above.

I’ll run with this configuration and update if I come across any issues.

george1421

@novaholic Sorry the afternoon is a bit hectic here. I have the VM built and see the configuration / files as you mentioned. You are on the right track with the search path setting in refind.conf. Hopefully I get some time free in a bit.

george1421

@george1421 ok I had about 5 minutes between stuff. When I register the centos image and exit to hard drive I get these from refind (note I may have menus on in my refind config because I like to mess with things).

As you noted selecting grubx64.efi boots into centos. I can also tell you the shimx64 is a secure boot shim to allow centos to boot on computers with secure boot enabled. In my case my VM doesn’t know anything about secure boot so grub is the right answer.

george1421

OK I have a working solution at least for centos uefi. I don’t know if it will break others… YMMV

scanfor internal,external,optical,manual
dont_scan_files shim.efi,MokManager.efi,shimx64-centos.efi,shimx64.efi,mmx64.efi

I didn’t need to change anything else from default. I didn’t see any other settings I fiddled with over time either.