User:M0p/Root on ZFS Native Encryption with Boot Environment/Multi-ESP
If you are using mirror or RAID-Z, here's the procedure to set up redundant EFI system partitions.
There currently seems to be no elegant solution for keeping EFI system partitions in sync. The following is a proposal:
For each disk except the one already configured, format its EFI system partition:
mkfs.vfat -n EFI2 /dev/disk/by-id/target_disk2-part1
mkfs.vfat -n EFI3 /dev/disk/by-id/target_disk3-part1
...
Create mountpoints
mkdir /boot/efis
mkdir /boot/efis/{2,3}
...
Mount the alternative EFI partitions
mount -o umask=0022,fmask=0022,dmask=0022 /dev/disk/by-id/target_disk2-part1 /boot/efis/2
mount -o umask=0022,fmask=0022,dmask=0022 /dev/disk/by-id/target_disk3-part1 /boot/efis/3
...
Add fstab entries
genfstab / | grep efis >> /etc/fstab
Copy contents of current /boot/efi to the backups. Don't use dd!
# $i already holds the full path of each backup mountpoint (e.g. /boot/efis/2)
for i in /boot/efis/*; do /usr/bin/cp -r /boot/efi/* "$i"; done
Add boot entries in NVRAM, replacing ${distro} with the actual name. -d takes the whole disk and -p the number of the EFI system partition on it, which is partition 1 here.
efibootmgr -c -g -d /dev/disk/by-id/target_disk2 \
  -p 1 -L "archlinux-2" -l "\EFI\${distro}\grubx64.efi"
efibootmgr -c -g -d /dev/disk/by-id/target_disk3 \
  -p 1 -L "archlinux-3" -l "\EFI\${distro}\grubx64.efi"
...
Create a systemd service to automatically sync /boot/efi when it changes. Based on grub-btrfs. The heredoc delimiter is quoted so that the shell does not expand $i while writing the file, and $$ is how a systemd unit passes a literal $ to bash.
tee /usr/lib/systemd/system/efis-sync.path << 'EOF'
[Unit]
Description=Monitor changes in EFI system partition

[Path]
PathModified=/boot/efi

[Install]
WantedBy=multi-user.target
EOF
tee /usr/lib/systemd/system/efis-sync.service << 'EOF'
[Unit]
Description=Sync EFI system partition contents to backups

[Service]
Type=oneshot
ExecStart=/usr/bin/bash -c 'for i in /boot/efis/*; do /usr/bin/cp -r /boot/efi/* "$$i"; done'
EOF
systemctl enable efis-sync.path
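A variant of the copy loop above that skips backups which are not mounted and checks every copy against the primary by SHA-256. This is an added example, not part of the original page; the function names and the ESP_REQUIRE_MOUNT switch are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the
# ESP_REQUIRE_MOUNT switch are hypothetical.

# Print a sorted "sha256  ./relative/path" manifest of every file under $1.
esp_manifest() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2)
}

# Return 0 only if $1 and $2 hold the same files with the same contents.
esp_verify() {
    [ "$(esp_manifest "$1")" = "$(esp_manifest "$2")" ]
}

# Copy the primary ESP ($1) into each backup directory under $2, then verify.
# Unmounted backups are skipped so the copy never lands on the root
# filesystem underneath an empty mountpoint. cp does not delete anything, so
# a stale or unexpected file left on a backup shows up as a mismatch.
esp_sync() {
    src=$1 backups=$2 rc=0
    for dst in "$backups"/*/; do
        [ -d "$dst" ] || continue
        dst=${dst%/}
        if [ "${ESP_REQUIRE_MOUNT:-1}" = 1 ] && ! mountpoint -q "$dst"; then
            echo "skip: $dst is not mounted" >&2
            rc=1
            continue
        fi
        cp -r "$src"/. "$dst"/ || { rc=1; continue; }
        if ! esp_verify "$src" "$dst"; then
            echo "mismatch: $dst differs from $src" >&2
            rc=1
        fi
    done
    return "$rc"
}

# On the running system (as root): esp_sync /boot/efi /boot/efis
```

A non-zero return from esp_sync means at least one backup was skipped or does not match the primary and should be inspected before it is relied on for booting.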
After a failure of /boot/efi, edit fstab again to promote one backup as the main EFI partition.
- Remove the fstab line for the failed /boot/efi
- Change the mountpoint of one backup to /boot/efi, such as changing /boot/efis/3 to /boot/efi
umount /boot/efi && umount /boot/efis/3 && rmdir /boot/efis/3 && mount /boot/efi
Failure to mount primary efi halts boot
Note: The system will not be able to boot if /boot/efi cannot be mounted. How can this be worked around when the main /boot/efi is missing due to hardware failure? The only solution seems to be editing fstab to point /boot/efi to a functional device while the system is still running. Otherwise, if the root account is locked (no password), fstab has to be changed from a chroot in a live environment.
Mounting /boot/efi...
[ FAILED ] Failed to mount /boot/efi.
See 'systemctl status efi.mount' for details.
[ DEPEND ] Dependency failed for Local File Systems.
Dropping to emergency shell...
Cannot open access to console, the root account is locked.