You are not logged in.
Pages: 1
Not too long ago, while researching the "perfect" setup (Yes, I am quite insane), I read somewhere, that the recommended mount point, for ESP, is /boot/efi. I have not been able to find this particular source again. Perhaps it was and older version of the UEFI documentation, but it was, at the very least, reliable at some point, in the not too distant past.
I should mention, that I attempted to get the archinstall script to conform to this standard, and tried many different approaches, but it just wasn't possible. If this is not intended behaviour, it is probably something to look into.
All this, however, is besides the point, which is the recommendation provided on the Arch Wiki: link
/efi is a replacement[5] for the historical and now discouraged ESP mountpoint /boot/efi.
I read this as a clear, and rather official, recommendation, to not mount esp at /boot/efi, but where this recommendation comes from, I cannot figure out. From my attempts at researching the subject, I have in fact gotten the impressions that the recommendation is exactly the opposite.
The one link provided [5] links to the systemd gihub page, and a discussion on the subject, that by no means reaches a consensus, I think.
A link is also provided to a Linux Foundation resource, however, this has not been updated since before July 2nd 2015, and probably long before, thus it seems somewhat irrelevant, as others also argue, nor do I think it really provides any argument for or against. IF anything, I should think for.
The only argument seem to be, that it is silly to mount separately, on /boot/efi, though I don't really understand this argument. I rather think it makes sense. As I understand the subject, you don't really need to mount ESP, and it seems perfectly sensible to me, to not have it mounted at all, except of course when updating or changing something on ESP, which I should even think, really doesn't need to be that often, if at all, after initial install, provided the the right setup, of course. I may be mistaken regarding this.
So where does this discouragement actually come from? Is it just at consensus among the Arch Linux developers, or is there more to it?
What is the actual argument, and could someone perhaps explain it to me?
Yes, I know, it doesn't really matter all that much, to mere mortal, like myself, but I am quite curious, for one, and I am very much in the "one way of doing things" camp. No ideal, in the Gnu/Linux world, I suppose, but that's just how it is.
Best regards.
I am a philosopher, of sorts, not a troll or an imbecile.
My apologies that this is not always obvious, despite my best efforts.
Offline
I read this as a clear, and rather official, recommendation,
The heading of that colored box says "tip" , for me that makes it feel like advise , not a recommendation .
I have the esp on its own partition as /efi for 2 reasons:
- the esp is meant for everything that attempts to boot a system. It should not be tied to one OS.
(The same holds true for other boot systems like bootloaders on BIOS MBR systems )
- esp typically uses a fat filesystem. That FS is very limited and doesn't support *nix permissions / access control methods.
It feels cleaner to keep this part as separate as possible from my archlinux installation .
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
Offline
I read this as a clear, and rather official, recommendation,
The heading of that colored box says "tip" , for me that makes it feel like advise , not a recommendation .
I have the esp on its own partition as /efi for 2 reasons:
- the esp is meant for everything that attempts to boot a system. It should not be tied to one OS.
(The same holds true for other boot systems like bootloaders on BIOS MBR systems )- esp typically uses a fat filesystem. That FS is very limited and doesn't support *nix permissions / access control methods.
It feels cleaner to keep this part as separate as possible from my archlinux installation .
I disagree. Yes, it is indeed odd that one would state such things in such a matter, under a heading reading 'tip', but never the less, it is clearly not meant to be interpreted as anything but a clear discouragement from mounting on /boot/efi.
This is fine, however, I would just very much like to know who discourages this, as it is clearly stated as a indisputable fact, and why.
That is all really.
I'm sure that we can argue for a long time, for and against, but that is of little interested to me, at this point.
I hadn't considered that ESP might well be used for multiple operating systems, but I don't really see how that changes anything. If anything, it just reinforces my belief, that it should in fact not me mounted at all, unless absolutely necessary, to protect vital part of the system, and potentially multiple systems, and when mounted, for short periods of time, on rare occasions, I honestly see no reason why there should be any difference between /boot/efi and /efi, except for having and additional root folder, whereas I much prefer to have it hidden away, though of course, as I understand it, none of the two is really needed. Just mount at /mnt, when needed, and unmounted it when done, and there will be one less empty folder, serving no real purpose.
Is my perspective on that, completely silly, or does it make some sense?
Thanks.
Last edited by zacariaz (2022-09-19 09:35:11)
I am a philosopher, of sorts, not a troll or an imbecile.
My apologies that this is not always obvious, despite my best efforts.
Offline
There are many takes on this matter and it can be quite complicated because not every setup is the same. There is also the matter of bias and opinions.
I for one, atm compared to all the dumb stuff I did in the past, simply mount a tiny ESP in /efi (8MiB FAT12), then an encrypted /boot (256MiB ext4 on luks2), for silly reasons actually, then an even sillier custom grub setup on top that is irrelevant so I'll not go into detail. Finally both are mounted as read-only.
I really don't care about other stuff nor "protect part of the system", because in the end, if one's system is compromised enough that anyone can write random nonsense in those filesystems or / itself, you typically have bigger things to worry about.
Then there's the consideration of not mounting at all, leaving vfat module unloaded, and after a kernel update, one MIGHT™ find troubles, depending on the circumstances.
Also the matter of automation, if one system has an auto update for their bootloader, which I do.
BIG note, all of the potential inconveniences can be worked around, but that means work, and not everyone likes doing too much stuff.
Offline
There are many takes on this matter and it can be quite complicated because not every setup is the same. There is also the matter of bias and opinions.
Naturally.
I for one, atm compared to all the dumb stuff I did in the past, simply mount a tiny ESP in /efi (8MiB FAT12), then an encrypted /boot (256MiB ext4 on luks2), for silly reasons actually, then an even sillier custom grub setup on top that is irrelevant so I'll not go into detail. Finally both are mounted as read-only.
Seems perfectly reasonable to me, except of course FAT12/16 does not conform to the standard, unless it is an USB key, or something or rather.
How do you manage the read only mount, when updating/upgrading. Du you simply handle it manually, or do you have hooks or something to do so?
I really don't care about other stuff nor "protect part of the system", because in the end, if one's system is compromised enough that anyone can write random nonsense in those filesystems or / itself, you typically have bigger things to worry about.
I don't worry either, but I do like to do things "the ONE right way", not least because then I don't have to make the decisions. Others have done it for me. There is a standard. (OMG, I just realised, that basically makes me religious. )
Then there's the consideration of not mounting at all, leaving vfat module unloaded, and after a kernel update, one MIGHT™ find troubles, depending on the circumstances.
Could you elaborate on that? I don't think I follow. There will always be the potential trouble, when changing something essential, but why leaving it unmounted should or could, potentially, increase that potential, I don't understand.
Also the matter of automation, if one system has an auto update for their bootloader, which I do.
That goes without saying, but I do not this need be that big of an issue, only you need to implement a proper solution, of course.
BIG note, all of the potential inconveniences can be worked around, but that means work, and not everyone likes doing too much stuff.
As long as it only has to be done once, and you know how, and yes, some do actually rather enjoy making things more difficult that they have to be. Why do you think I'm running Arch? I can tell you that it is not because it is easy and trouble free, however, it does have the advantage of me being able to do thing my way, provided I can find/get the necessary answers. Actually, that is the most frustrating part. sorting through all the garbage, explaining to people that you're perfectly well aware that you're insane, and that this small fact doesn't actually change your question, and not least, having to figure out the questions, which can be surprisingly difficult at times.
This, it enables me to strive for perfection, knowing full well, that I will never reach my goal. Important priorities, you know...
At any rate, my current point of view, on this particular subject, is that I don't really understand why there is a questions of mount point at all. I hadn't considered this before yesterday, but I can honestly say that I do not comprehend it.
How would the easiest and safest solution, not be to simply not mount it, other than on a "need to access" basis?
Yes, I am perfectly well aware that this is probably a perfectly stupid question (yes, those do actually exist), but as of yet, I have not really heard an answer, good or bad.
Have it ever been a requirement that ESP was mounted? That is the only explanation I can think of, though I cannot think of the why. Then again, it wouldn't be the first time, I've missed the obvious.
I am a philosopher, of sorts, not a troll or an imbecile.
My apologies that this is not always obvious, despite my best efforts.
Offline
Have it ever been a requirement that ESP was mounted?
Some bootloaders (ReFind is one of them) install files on the ESP .
When that bootloader is updated, the files on the esp also need to be updated.
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
Offline
Have it ever been a requirement that ESP was mounted?
Some bootloaders (ReFind is one of them) install files on the ESP .
When that bootloader is updated, the files on the esp also need to be updated.
I don't think that qualifies, at least in regards to the intent of my question. Naturally, if the content of ESP need to be changed, it needs to be mounted, regardless what this change may be. I suspect Refind does not require ESP to be mounted, at any other time (?)
I do however find it curious, that a boot loader would do that, if ESP is actually used as ESP is and was intended, as I understand it.
I am a philosopher, of sorts, not a troll or an imbecile.
My apologies that this is not always obvious, despite my best efforts.
Offline
Mounting the ESP under /efi is useful if systemd-boot is employed:
$ findmnt /efi
TARGET SOURCE FSTYPE OPTIONS
/efi systemd-1 autofs rw,relatime,fd=45,pgrp=1,timeout=120,minproto=5,maxproto=5,direct,pipe_ino=14402
$
If no fstab line is created then the ESP is only mounted on demand.
As the only bootloader supplied by the base metapackage is systemd-boot I would therefore conclude that systemd-boot is the default Arch bootloader. That being the case mounting the ESP under /efi without a matching fstab line seems the best choice to me. It's a shame genfstab doesn't have a --no-esp option but I suppose that's what text editors are for.
Para todos todo, para nosotros nada
Offline
Mounting the ESP under /efi is useful if systemd-boot is employed
Not without setting up a XBOOTLDR partition or some custom hooks to put the kernel/initramfs there.
Offline
^ Yes, indeed. More steps may be needed :-)
Para todos todo, para nosotros nada
Offline
In Linux you can mount the same filesystem in multiple locations at the same time.
So... in theory you could put it in all three locations.
mount /dev/yourefipart /boot
mkdir -p /boot/efi
mount /dev/yourefipart /boot/efi
mkdir -p /efi
mount /dev/yourefipart /efi
Although what the various programs and utilities make of this setup, is another matter...
Last edited by frostschutz (2022-09-19 15:51:29)
Offline
I'm not sure about mounting to both /boot and /boot/efi. Seems like something that might be actively prevented, but it sounds intriguing.
I am a philosopher, of sorts, not a troll or an imbecile.
My apologies that this is not always obvious, despite my best efforts.
Offline
Alrighty, now that I have the time...
Why not /boot/efi? There was some discussion somewhere that putting the ESP in /boot/efi is an assumption of it being part of /boot or whatever, anyhow, big noise.
One can just throw the whole ESP into /boot, being big enough for all the junk that one needs, or do some shenanigans by having the ESP tiny and separate, and whatever with /boot.
The whole it being separate recommendation on /efi is just for the sake of clarity, and many tools out there are starting to use it as the new default, you get the idea.
Regardless, even I intended to have the ESP alone and everything under the same luks2, but grub doesn't do argon2i yet, so I'll wait, also I don't feel like not using argon2i for the whole thing, so separate /boot in the meantime.
Now then...
Seems perfectly reasonable to me, except of course FAT12/16 does not conform to the standard, unless it is an USB key, or something or rather. wink
How do you manage the read only mount, when updating/upgrading. Du you simply handle it manually, or do you have hooks or something to do so?
The "standard" doesn't care what kind of FAT as long as its FAT, regardless, one might find a vendor out there that decided to "break" their firmware by doing something stupid, I would not be surprised...
Anyhow, FAT12 because its tiny, and my NVME has 4096 as sector size, when I squished FAT{16,32} in it the firmware pretended it didn't exist... And since the whole set of files is less than <8MiB... You get the idea.
The mounts I do it manually atm, was thinking of doing some hooks, but I keep procrastinating...
Could you elaborate on that? I don't think I follow. There will always be the potential trouble, when changing something essential, but why leaving it unmounted should or could, potentially, increase that potential, I don't understand.
Having it unmounted means the vfat module most likely was never used, this means nothing for most users, or those that did a fancy setup to keep the kernel modules alive after update, but IF for some reason one needs to mount the ESP after an update that included the kernel, and there's no fancy setup nor vfat loaded, you'll get a failed mount and will need to do a reboot, and depending on the circumstances this MIGHT™ spell trouble, again, nothing relevant to this topic, but its a tiny thing to take into account for the sake of newbies.
Maybe one could install the old kernel manually if the need is critical, but why not have a default in the wiki that will avoid newbies suffering?
Anyhow, that's mostly the point of how it is, so newbies have some sorta default idea that will make their lives easier and avoids confusion, just the path of least resistance.
Offline
Thank you for the explanation. It is much appreciated.
Regarding 12/16/32, it was rather my point, that it is a bit of a joke, to differentiate between them, in this regard, which they do indeed do. If it is not a removable device, then you're supposed to use fat32, even though it doesn't really make a difference.
I am a philosopher, of sorts, not a troll or an imbecile.
My apologies that this is not always obvious, despite my best efforts.
Offline
Pages: 1