101 lines
2.6 KiB
ReStructuredText
101 lines
2.6 KiB
ReStructuredText
************************
|
|
Bootloader: efibootguard
|
|
************************
|
|
|
|
Efibootguard is the default bootloader of CoreOS. It's an open source
|
|
bootloader based on UEFI made by Siemens and released under GPLv2, that
|
|
implement the A/B booting scheme.
|
|
|
|
Efibootguard allow us to have a redondant boot partition that contain a
|
|
configuration file for efibootguard and a signed Unified Kernel Image
|
|
|
|
A/B Switch
|
|
==========
|
|
|
|
Two partition are used to store two diffrent configuration. The first partition
|
|
is called boot0 and the second one boot1.
|
|
|
|
At boot, efibootguard find the configuration file stored inside each boot
|
|
partition and load it. Inside the configuration, the field "revision" is used
|
|
to select the configuration to use to boot the board. It will be the one
|
|
with the highest revision
|
|
|
|
.. uml::
|
|
|
|
@startuml
|
|
!theme cloudscape-design
|
|
start
|
|
partition A/B selector {
|
|
|
|
:read boot0 configuration;
|
|
:read boot1 configuration;
|
|
|
|
if (boot0.revision > boot1.revision") then (yes)
|
|
:select boot0;
|
|
else (no)
|
|
:select boot1;
|
|
endif
|
|
}
|
|
|
|
end
|
|
@enduml
|
|
|
|
State checking
|
|
==============
|
|
|
|
After having selecting the configuration to use, efibootguard will use the
|
|
state field to determine is the configuration is already know to work or not.
|
|
|
|
Theses states are possible:
|
|
|
|
- ok: the configuration is known to be working
|
|
- installed: the configuration was just updated and was never booted
|
|
- testing: the configuration was just updated and was already booted once
|
|
- failed: the configuration is not working
|
|
|
|
.. uml::
|
|
|
|
@startuml
|
|
!theme cloudscape-design
|
|
start
|
|
partition state checking {
|
|
switch (state?)
|
|
case ( ok )
|
|
:set state to ok;
|
|
case ( installed )
|
|
:set state to testing;
|
|
case ( testing )
|
|
:set state to failed;
|
|
:set revision to 0;
|
|
:reboot;
|
|
stop
|
|
case ( failed )
|
|
:set revision to 0;
|
|
:reboot;
|
|
stop
|
|
endswitch
|
|
}
|
|
end
|
|
@enduml
|
|
|
|
Image loading
|
|
==============
|
|
|
|
The last part of the boot process just consist of reading kernel image
|
|
from the selected boot partition and then calling the load_image EFI function
|
|
to let the EFI firmware start the given image. The firmware will then first
|
|
check the signature of the kernel before starting it.
|
|
|
|
.. uml::
|
|
|
|
@startuml
|
|
!theme cloudscape-design
|
|
start
|
|
partition kernel loading {
|
|
: read unified kernel image from boot partition;
|
|
: load image to memory;
|
|
}
|
|
: call EFI load_image();
|
|
end
|
|
@enduml
|