Failed to open \EFI\centos\grubx64.efi - Not Found

Support for security such as Firewalls and securing linux
enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by enseva » 2018/10/04 14:56:43

avij wrote:
2018/10/03 19:18:07
enseva wrote:
2018/09/29 21:46:57
It appears this issue is related to Hyper-V and the creation of templates which require the following to be run before using that VM as a base for the template:

grub-install --target=x86_64-efi --efi-directory=/boot/efi --no-nvram --removable

I'm not clear why a yum update would result in breaking the EFI config in that case, though.
The kicker is that there's no grub-install in CentOS 7. If you have been using someone else's grub-install that does not know about CentOS paths to manage CentOS boot configuration, I'm not surprised that there are issues. I don't know what your grub-install binary does, but it could, conceivably, use some other path than /boot/efi/EFI/centos for the UEFI boot config. You may be able to get some information about your grub-install if you run rpm -qif $( which grub-install ) but chances are that your grub-install is not packaged into a rpm. In that case which grub-install may show something, like an unusual path for the binary.
I know that. That's a debian/ubuntu command. I was wrong. He passed that along and I posted it without thinking. It isn't the issue.

The issue is, if you read through the countless EFI bugs posted since the beginning of the year (we'll give a pass on all the ones I found from last year, too) that CentOS has changed the default location for it's boot files in various updates, at least that's what appears to be happening.

It seems that since 1708 there have been various updates (and I'm not sure if this is related to the shim file) that have defaulted the boot configuration location from /boot/efi/EFI/BOOT to /boot/efi/EFI/centos and back.

https://bugs.centos.org/view.php?id=14519
https://bugs.centos.org/view.php?id=14443

I have a working, non-updated VM I just created from a template created from a 1708 ISO which has ZERO files in /boot/efi/EFI/centos - and it boots fine.

As soon as I update that, there are seven files, all dated Aug 24, 2018, added to the /boot/efi/EFI/centos directory:

BOOT.CSV
BOOTX64.CSV
mmx64.efi
MokManager.efi
shim.efi
shimx64-centos.efi
shimx64.efi

Of course, this means three critical files are missing from that directory. Which would be fine if the Grub configuration hadn't been somehow magically updated (which it is, per my error) to look in this directory.

Post-boot, of course I get the error you see on the previous screen shot.

Booting into rescue, copying the missing files from /boot/efi/EFI/BOOT to /boot/efi/EFI/centos resolves the issue.

The question is: Why the hell did it work just fine without any files in the ..../centos directory prior to update?

enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by enseva » 2018/10/04 15:30:53

avij wrote:
2018/10/03 16:45:48
enseva wrote:
2018/10/03 16:39:46
I see that this was quietly fixed without any acknowledgement from CentOS.

Doing a yum update now correctly puts files previously found in /boot/efi/EFI/BOOT into /boot/efi/EFI/centos.

This is a significant issue that likely affected MANY people using a Hyper-V environment.

Can we please get a public acknowledgement and explanation of this issue?
Perhaps your testing was flawed. No updates have been released in the last few days.
I was incorrect in that post. I'll correct the post itself.

I don't believe actual "updates" were released. But I do believe something was changed in the updates that were last released which results in the boot configuration being modified in some way.

There's no clear explanation why this issue suddenly arose when the same VM had been updated multiple times previously with no boot issues. There's files updated with a date of Aug 24 in both directories, yet prior to the update having a completely blank CentOS directory worked fine.

I'm not saying it should be blank. I'm just saying it was. And it worked. Now it's not and it doesn't until files are copied over.

Post Reply

Return to “CentOS 7 - Security Support”