/boot vs /boot/efi with systemd-boot

Pheoxy · 2017-05-04 14:01:42

So normally I do a /boot partition but I've noticed I don't really need to and then I can keep the kernels on the "root" partition.

What do you guys thing of this? And what about combining this with encryption?

Last edited by Pheoxy (2017-05-04 14:02:05)

Trilby · 2017-05-04 14:20:27

Pheoxy wrote:

... but I've noticed I don't really need to and then I can keep the kernels on the "root" partition.

What does this mean and what does it have to do with your title? The kernel definitely needs to be on the ESP. Whether the ESP is mounted at /boot/ or at /boot/efi is a different question. Mounting the ESP on /boot seems much simpler to me as there is no need for pacman hooks or other acrobatics to move new kernels to the ESP when they are updated.

Pheoxy · 2017-05-04 14:35:25

Sorry, little bit excited after finally getting this working so I might not be very clear at the moment.
https://bbs.archlinux.org/viewtopic.php?id=225716

You seem to have understood the question anyways though. I saw a heap of distros as in Fedora, CentOS, Manjaro don't let you install without warnings anymore to a /boot partition for EFI and was wondering why they did that figuring it was a new way to save space and not have to worry about the /boot partition running out of space with every kernel.

If they use heaps of hooks though with /boot/efi/ I think sticking with just /boot might be better and require less setup and maintenance.

Thanks!

Trilby · 2017-05-04 15:45:38

Pheoxy wrote:

I saw a heap of distros as in Fedora, CentOS, Manjaro don't let you install without warnings anymore to a /boot partition for EFI and was wondering why

You'd have to ask them.

Pheoxy wrote:

... figuring it was a new way to save space and not have to worry about the /boot partition running out of space with every kernel.

Possibly. Some other distros do install new kernel versions with new filenames. Arch does not.

Pheoxy wrote:

I think sticking with just /boot might be better and require less setup and maintenance.

That is what is already recommended in our wiki.

Also note that you can mount your ESP to /boot in archlinux, and still mount it to /boot/efi or somewhere else in other distros that can't gracefully handle an ESP on /boot.

Pheoxy · 2017-05-04 15:56:14

So ESP doesn't even need to be in the /boot partition?

Scimmia · 2017-05-04 15:56:58

Pheoxy wrote:

So ESP doesn't even need to be in the /boot partition?

What? You're asking if a partition needs to be in a partition?

Pheoxy · 2017-05-04 15:58:32

Scimmia wrote:

Pheoxy wrote:
So ESP doesn't even need to be in the /boot partition?
What? You're asking if a partition needs to be in a partition?

For example when you run

bootctl --path=/boot install

The path doesn't have to point to boot?

Scimmia · 2017-05-04 16:00:53

No, it can be whatever you need, that's the point of it being a switch.

Trilby · 2017-05-04 16:33:39

I suspect there may be some confusion of terminology. The ESP (efi system partition) acts like a "boot partition" did for MBR systems. This ESP can be mounted *anywhere* once a system is running - in fact it doesn't need to be mounted at all! It does need to be mounted in order to update the kernel and initramfs stored in it, but other than that mounting it is not necessary.

Our wiki recommends mounting the ESP to the /boot directory of the filesystem. This way when pacman installs a new kernel and builds a new initramfs they'll already be in the right place.

If you want to mount the ESP to /boot/efi (or anywhere else), then you should not have another "boot partition". In these cases, /boot is just a directory on the main partition (also called the "root" partition, though this brings in more ambiguous terminology). In other words the ESP is your boot partition. Whether or not you mount this on /boot or somewhere else is up to you - but there should be no other boot partition*.

(*note: strictly speaking it is possible to have another partition for /boot, but it would serve no purpose that I could imagine. It'd be possible, but completely pointless. I can't imagine any distro would ever recommend it).

tom.ty89 · 2017-05-05 10:05:05

First of all, systemd-boot can only load kernels in the ESP, so if you don't want to copy manually each time after a kernel update, you should have the ESP mounted to /boot.

Some boot loaders, like grub, can load kernels from partition other than the ESP, so it is possible for you to have /boot in the root partition. Using the ESP or yet another partition for /boot in such case could avoid grub accessing the root partition (which could pose certain risk to it in case grub is bugged or so).

Having /boot on partition other than the ESP allows you to have the content under it (kernels) encrypted.

Trilby · 2017-05-05 11:03:36

tom.ty89, you seem to be making the terminology even more confusing talking about having /boot on a partition other than the ESP. I've never heard of /boot being on an ESP, so an exception to that is odd. The ESP can be mounted on /boot (so the content of /boot is stored on the ESP, but there is no /boot directory on the ESP).

I think most of the confusion the OP is dealing with is that partitions and path names are sometimes imprecisely used interchangeably. One might call something a "boot" partition, but that is not the /boot directory. In summary:

1) There must be a partition that has the root of the filesystem tree.
2) The above partition contains a directory called /boot
3A) An ESP partition may be mounted on this directory (in which case, the ESP is mounted on /boot, the ESP does not contain /boot).
3B) Alternatively, the ESP may be mounted on /boot/efi (or really anwhere else, but these two are the normal options).
4) Pacman will place the kernel and the generated initramf in the directory /boot - pacman does not need to know or care what partition these files actually land in. If you took option 3A these will be on the ESP, if you took option 3B they will not be on the ESP and you will have to copy them to the ESP (or use a pacman hook to copy them).
5) The kernel and initramfs must be on the ESP for systemd-boot to boot. So, 3A is the easier solution.

Opting for 3A or 3B has no implications for encryption. You can encrypt the main partition (from step 1) if you like - but again, this has no implications on 3A/3B.

drcouzelis · 2017-05-05 13:09:59

This thread fascinates me, because I just went through what Pheoxy is going through. (Thanks again, Scimmia!)

When setting up my new drive, I first set it up to use GPT partitioning.

Then, I created an EFI System Partition (ESP) that was 512 MiB in size.

Then, I formatted the ESP as FAT32, and set the flags for "efi" and "boot".

Then, I mounted the ESP to "/boot" in my "/etc/fstab" file, and installed Arch Linux.

Then, I read the "man bootctl" manual page, which states:

--path=
           Path to the EFI System Partition (ESP). If not specified, /efi,
           /boot, and /boot/efi are checked in turn. It is recommended to
           mount the ESP to /boot, if possible.

And I was, like, "Cool!", so I just typed "bootctl install", and that was it!

...although I did also install "systemd-boot-pacman-hook" from the AUR, because I'm a little lazy.

(EDIT: I'm not really saying anything that hasn't already been said by Trilby or anyone else in this thread, I just felt like talking about UEFI.)

Last edited by drcouzelis (2017-05-05 13:10:45)

tom.ty89 · 2017-05-05 18:55:36

Trilby wrote:

1) There must be a partition that has the root of the filesystem tree.

Every filesystem has its own "root" (/). Personally I call the partition you refer to here "the root partition" and the filesystem on it " the root filesystem", though someone told me that it should be called "the OS filesystem".

While I myself would called the "/" we generally refer to "the system root (tree)"

Trilby wrote:

2) The above partition contains a directory called /boot

There's a boot directory in the root/OS filesystem (a.k.a. under the system root tree), which you can mount either nothing, the ESP, or yet another partition on it, depending on your situation/preference.

Trilby wrote:

3A) An ESP partition may be mounted on this directory (in which case, the ESP is mounted on /boot, the ESP does not contain /boot).

While it contains the content you see in /boot when it is mounted.

Trilby wrote:

3B) Alternatively, the ESP may be mounted on /boot/efi (or really anwhere else, but these two are the normal options).

It is not even necessary to keep the ESP mounted when it is not used for /boot. Unlike kernel updates, when the grub package, if installed, is updated, pacman does not automatically update the "actual grub" (i.e. the EFI executable et. al.) by re-running grub-install for you. So you can just mount it on-demand, on /mnt for example, when you need to manipulate the content in it, and unmount it right after you are done.

Certainly this does not apply for the systemd-boot + auto-copy pacman hook case.

Trilby wrote:

If you took option 3A these will be on the ESP, if you took option 3B they will not be on the ESP and you will have to copy them to the ESP (or use a pacman hook to copy them).
5) The kernel and initramfs must be on the ESP for systemd-boot to boot. So, 3A is the easier solution.

The copying is only needed for systemd-boot. It is the silliest way of using systemd-boot anyway, with pacman hook or doing it manually. It's totally pointless not to use the ESP for /boot when you use systemd-boot.

Trilby wrote:

Opting for 3A or 3B has no implications for encryption. You can encrypt the main partition (from step 1) if you like - but again, this has no implications on 3A/3B.

If you use grub, you can keep the kernels and initramfs encrypted by not having them in the ESP. grub is capable of opening luks-encrypted partitions. You need to have the grub modules and grub.cfg in the ESP though (by specifying --boot-directory $esp_mountpoint when grub-install)

For systemd-boot, since you need to have the kernels and initramfs (copy that are actually being used, in any case) in the ESP, so you can't have them encrypted since the ESP must be unencrypted (in the dm-crypt sense).

mkov · 2017-05-25 23:59:10

Trilby wrote:

1) There must be a partition that has the root of the filesystem tree.
2) The above partition contains a directory called /boot
3A) An ESP partition may be mounted on this directory (in which case, the ESP is mounted on /boot, the ESP does not contain /boot).
3B) Alternatively, the ESP may be mounted on /boot/efi (or really anwhere else, but these two are the normal options).
4) Pacman will place the kernel and the generated initramf in the directory /boot - pacman does not need to know or care what partition these files actually land in. If you took option 3A these will be on the ESP, if you took option 3B they will not be on the ESP and you will have to copy them to the ESP (or use a pacman hook to copy them).
5) The kernel and initramfs must be on the ESP for systemd-boot to boot. So, 3A is the easier solution.

This is great explanation, this should go to Wiki EFI_System_Partition

surfatwork · 2017-05-26 16:59:43

mkov wrote:

This is great explanation, this should go to Wiki EFI_System_Partition

this is clear enough in EFISTUB

Trilby · 2017-05-26 20:50:54

I'm glad it could be useful, but my explanation was not of a general enough level for wiki content. I was addressing a specific misconception here.

Arch Linux

#1 2017-05-04 14:01:42

/boot vs /boot/efi with systemd-boot

#2 2017-05-04 14:20:27

Re: /boot vs /boot/efi with systemd-boot

#3 2017-05-04 14:35:25

Re: /boot vs /boot/efi with systemd-boot

#4 2017-05-04 15:45:38

Re: /boot vs /boot/efi with systemd-boot

#5 2017-05-04 15:56:14

Re: /boot vs /boot/efi with systemd-boot

#6 2017-05-04 15:56:58

Re: /boot vs /boot/efi with systemd-boot

#7 2017-05-04 15:58:32

Re: /boot vs /boot/efi with systemd-boot

#8 2017-05-04 16:00:53

Re: /boot vs /boot/efi with systemd-boot

#9 2017-05-04 16:33:39

Re: /boot vs /boot/efi with systemd-boot

#10 2017-05-05 10:05:05

Re: /boot vs /boot/efi with systemd-boot

#11 2017-05-05 11:03:36

Re: /boot vs /boot/efi with systemd-boot

#12 2017-05-05 13:09:59

Re: /boot vs /boot/efi with systemd-boot

#13 2017-05-05 18:55:36

Re: /boot vs /boot/efi with systemd-boot

#14 2017-05-25 23:59:10

Re: /boot vs /boot/efi with systemd-boot

#15 2017-05-26 16:59:43

Re: /boot vs /boot/efi with systemd-boot

#16 2017-05-26 20:50:54

Re: /boot vs /boot/efi with systemd-boot

Board footer