[HOWTO] How-to Boot Linux VMs using UEFI

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
I thought all that stuff was going to be fixed in B3, is it RC1?
What's the ticket / job# on the tracker?

No, what's fixed is Linux VMs with kernel > 4.15. Otherwise, no change to the UEFI limitations.
 

diskdiddler

Wizard
Joined
Jul 9, 2014
Messages
2,377
Oh I'm confusing the issues, sorry. Thanks Kris.

When you say 'limitations' is this a long term thing then?
 

hexley

Dabbler
Joined
Sep 8, 2017
Messages
11
d-i preseed? Not for the casual user then. But just use expert install, surely that's easier than mounting then copying an ios , changing the preseed file and then generating a new iso.

Yeah, it depends on how many VMs you need to spin up. If you're just doing a few then Expert install is definitely the way to go. The more you do, the more taking the time to craft a preseed file will pay for itself.

I've actually never generated a new iso, so I don't know how much work that is. What I do is select "Automated install" after booting a stock iso, then it will prompt you exactly once so you can enter the URL of your preseed file. I guess if I generated my own iso then I could get this down to zero prompts, but that's more automation than I need.

Besides the aforementioned EFI setting and the other installer settings, I also have my preseed file set up to do other stuff like install my ssh key. I do spin up quite a few VMs, so I like being able to kick them off and come back ten minutes later and have it all be done. It's not too much of an investment if you just start from Debian's example preseed and tweak as needed.
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
Oh I'm confusing the issues, sorry. Thanks Kris.

When you say 'limitations' is this a long term thing then?

Yes, as there is no sign of any change in the bhyve UEFI firmware. So, UEFI boot method has no emulation of storing nvram variables, hence need to fix some linux installs one way or another. UEFI-CSM boot method has no fix to work with VNC, hence need to use/generate linux iso that will install over a serial console. BETA3 now works with UEFI-CSM using the right iso and the correct device order settings.
 

FlyBoy

Cadet
Joined
Sep 13, 2018
Messages
3
OK. So, I have been attempting the prescribed fix for VM boot problems, in my case on Debian stretch. Creating the directories and copying the efi file do not result in boot - still stops with the EFI manager.

I was looking for any updates or idea when to expect a fix. Is there somewhere this is being tracked? Or do I bail on Debian for CentOs or other distribution for my VMs ?
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
OK. So, I have been attempting the prescribed fix for VM boot problems, in my case on Debian stretch. Creating the directories and copying the efi file do not result in boot - still stops with the EFI manager.

I was looking for any updates or idea when to expect a fix. Is there somewhere this is being tracked? Or do I bail on Debian for CentOs or other distribution for my VMs ?

For Debian 9 use expert install and answer "YES" when ask to "Force grub-efi installation to the removable media path". Or, post install don't try copying files around, just use this command:

grub-install --efi-directory=/boot/efi --boot-directory=/boot --removable

The only fix is if bhyve ever emulates storage of uefi variables, it's been talked about but never appeared.
 

dtom10

Explorer
Joined
Oct 16, 2014
Messages
81
Hello all,

New version of Freenas same VM issue with Centos 7. A different error but the problem seems to be Centos not properly figuring out you are running an UEFI capable VM.

So the details are:

FreeNAS 11.2-U1
CentOS Linux release 7.6.1810 (Core) 3.10.0-957.1.3.el7.x86_64

The error when you try to boot a VirtIO disk is:

Code:
Failed to set MokListRT: Invalid Parameter
Something has gone seriously wrong: import_mok_state() failed:
Invalid Parameter


In my case the fix is to boot from the install CDROM and selecting Troubleshooting -> Rescue mode

Select 1 to continue and chroot /mnt/sysimage

Code:
cp /boot/efi/EFI/centos/grubx64.efi /boot/efi/EFI/BOOT/BOOTX64.EFI
sync;sync;sync
poweroff


Remove the CDROM device and the system should boot now.

Details were taken from:

https://angrysysadmins.tech/index.php/2018/12/grassyloki/centos-7-failed-set-moklistrt/
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288

Binary Buddha

Contributor
Joined
Mar 6, 2016
Messages
126
So, the UEFI-CSM was supposed to make it a BIOS like environment. However, when installing Centos 7 I can't do the Web VNC to do the install. How are we supposed to get the console for the VM if it's not UEFI?
 

dtom10

Explorer
Joined
Oct 16, 2014
Messages
81
So, the UEFI-CSM was supposed to make it a BIOS like environment. However, when installing Centos 7 I can't do the Web VNC to do the install. How are we supposed to get the console for the VM if it's not UEFI?

VNC works just fine in my case, if you have multiple network interfaces configured it might not pick the one you are logged into the UI.

So you get vnc bound to a different ip address. Don't know why it does that. A possible fix might be to edit devices -> vnc -> bind address and select the correct network interface.
 

dtom10

Explorer
Joined
Oct 16, 2014
Messages
81
Thanks for posting this, but it's more accurate to say it's a new Centos UEFI issue as described here: https://bugs.centos.org/view.php?id=15522

My bad, I mostly don't care about secure boot and didn't know the original source of the problem. At least it's a good exercise for the beginners, gets them used to booting into rescue :D
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
So, the UEFI-CSM was supposed to make it a BIOS like environment. However, when installing Centos 7 I can't do the Web VNC to do the install. How are we supposed to get the console for the VM if it's not UEFI?

See #144 above.
 

renzomarcus

Cadet
Joined
Jan 8, 2019
Messages
3
Hi guys,

I'm new to FreeNAS, but already dove head first into all the features.
I tried to install a CentOS VM on FreeNAS, however that didn't succeed.
I did some googling and came to this thread, but this thread explains how to make sure an already installed VM boots again.

When I created the VM and linked the ISO (in this case the CentOS limited ISO) and fired it up, it doesn't even attempt to install but gives me the following error:
Code:
Failed to set MokListRT: Invalid Parameter
Something has gone seriously wrong: import_mok_state() failed
: Invalid Parameter


Any assistance with this is greatly appreciated!
Renzo
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
I've seen this post, but I can't even get to the part of booting into that troubleshooting because the serial console from the GUI does nothing and neither does looking via VNC. I simply can't even install the OS on this dumb empty disk...

Don't use the latest Centos 7 1810 minimal. Pick an earlier iso and upgrade following the advice at: https://bugs.centos.org/view.php?id=15522
 

renzomarcus

Cadet
Joined
Jan 8, 2019
Messages
3
Thank you very much, I missed the part of installing an older machine first. Wow this is tricky, let's hope not everything on FreeNAS requires you to troubleshoot the hell out of it :D
 

dtom10

Explorer
Joined
Oct 16, 2014
Messages
81
It's Centos's fault actually -_-
 

Binary Buddha

Contributor
Joined
Mar 6, 2016
Messages
126
Thank you very much, I missed the part of installing an older machine first. Wow this is tricky, let's hope not everything on FreeNAS requires you to troubleshoot the hell out of it :D

So it's a CentOS issue. If you a CentOS 1503-1 the install will be fine. BUT! If you do an update it craps out again. I'm looking into what package is actually mucking things up. There's also a post on the CentOS forum that is going over the same issue. It's something related to using "VM" EFI because CentOS is looking for the "hardware" to support EFI and doesn't find it since the VM EFI and Hardware EFI are the same but different. Also if you try to use the CentOS ISOs after 1503 you get the same thing. Some are a little different but due to the same thing.

It's Centos's fault actually -_-

After further research I'd have to agree.
 

Binary Buddha

Contributor
Joined
Mar 6, 2016
Messages
126
So if you do an install with 1503-1 and blacklist mokutil and shim you should be okay.

According to the bug report they're waiting for the Microsucks to approve the signed RPM for some reason.
 
Top