************************
Bootloader: efibootguard
************************

Efibootguard is the default bootloader of CoreOS. It's an open source
bootloader based on UEFI made by Siemens and released under GPLv2, that
implement the A/B booting scheme.

Efibootguard allow us to have a redondant boot partition that contain a
configuration file for efibootguard and a signed Unified Kernel Image

A/B Switch
==========

Two partition are used to store two diffrent configuration. The first partition
is called boot0 and the second one boot1.

At boot, efibootguard find the configuration file stored inside each boot
partition and load it. Inside the configuration, the field "revision" is used
to select the configuration to use to boot the board. It will be the one
with the highest revision

.. uml::

    @startuml
    !theme cloudscape-design
    start
    partition A/B selector {

        :read boot0 configuration;
        :read boot1 configuration;

        if (boot0.revision > boot1.revision") then (yes)
            :select boot0;
        else (no)
            :select boot1;
        endif
    }

    end
    @enduml

State checking
==============

After having selecting the configuration to use, efibootguard will use the
state field to determine is the configuration is already know to work or not.

Theses states are possible:

- ok: the configuration is known to be working
- installed: the configuration was just updated and was never booted
- testing: the configuration was just updated and was already booted once
- failed: the configuration is not working

.. uml::

    @startuml
    !theme cloudscape-design
    start
    partition state checking {
        switch (state?)
        case ( ok )
            :set state to ok;
        case ( installed ) 
            :set state to testing;
        case ( testing )
            :set state to failed;
            :set revision to 0;
            :reboot;
            stop
        case ( failed )
            :set revision to 0;
            :reboot;
            stop
        endswitch
    }
    end
    @enduml

Image loading 
==============

The last part of the boot process just consist of reading kernel image
from the selected boot partition and then calling the load_image EFI function
to let the EFI firmware start the given image. The firmware will then first
check the signature of the kernel before starting it.

.. uml::

    @startuml
    !theme cloudscape-design
    start
    partition kernel loading {
        : read unified kernel image from boot partition;
        : load image to memory;
    }
    : call EFI load_image();
    end
    @enduml