Failed to open \EFI\centos\grubx64.efi - Not Found

Support for security such as Firewalls and securing linux
enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by enseva » 2018/09/29 22:43:01

TrevorH wrote:
2018/09/29 21:57:43
So, after looking through the list of packages that you get to update, the only 2 there that look like they might be relevant to this problem are mokutil and shim-x64 and the latter would be my guess. Try recreating the problem only this time, instead of running a yum update run yum --exclude=shim-x64 update and then reboot and see if it still does.
It looks like the kernel update requires this:

---> Package mokutil.x86_64 0:12-1.el7.centos will be updated
--> Processing Dependency: mokutil = 12-1.el7.centos for package: shim-x64-12-1.el7.centos.x86_64
--> Processing Conflict: kernel-3.10.0-862.14.4.el7.x86_64 conflicts shim-x64 < 12-2
--> Finished Dependency Resolution
Error: kernel conflicts with shim-x64-12-1.el7.centos.x86_64
Error: Package: shim-x64-12-1.el7.centos.x86_64 (@anaconda)
Requires: mokutil = 12-1.el7.centos
Removing: mokutil-12-1.el7.centos.x86_64 (@anaconda)
mokutil = 12-1.el7.centos
Updated By: mokutil-12-2.el7.x86_64 (updates)
mokutil = 12-2.el7
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

User avatar
TrevorH
Forum Moderator
Posts: 23879
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by TrevorH » 2018/09/29 23:00:14

Right, so that is a Conflicts: that's been added to the latest kernel to ensure that it pulls in the latest shim-x64 package with it. To exclude shim-x64 you'll have to exclude that latest kernel as well as the mokutil package from the update too. That won't then narrow it down to just being shim-x64 that's the problem but I think it's probably conclusive enough. I also suspect that it's something to do with that grub-install that you're running though I have no idea how or in what way.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by enseva » 2018/09/29 23:45:30

TrevorH wrote:
2018/09/29 23:00:14
Right, so that is a Conflicts: that's been added to the latest kernel to ensure that it pulls in the latest shim-x64 package with it. To exclude shim-x64 you'll have to exclude that latest kernel as well as the mokutil package from the update too. That won't then narrow it down to just being shim-x64 that's the problem but I think it's probably conclusive enough. I also suspect that it's something to do with that grub-install that you're running though I have no idea how or in what way.
Well that narrows it down enough that I can send this template back to the tech who created it and tell him he needs to figure it out as a base install from ISO doesn't have the issue, this appears to be caused by some conflict with EFI based on our work-around for Hyper-V which is not the only option for making it work with Hyper-V.

Thanks again.

User avatar
TrevorH
Forum Moderator
Posts: 23879
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by TrevorH » 2018/09/29 23:51:11

You might want to read https://bugs.centos.org/view.php?id=14050 as that's the bug report that the new shim/mokutil packages were produced to fix. I believe the previous versions had wrong paths and missing files. There was also https://bugs.centos.org/view.php?id=14443
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by enseva » 2018/10/02 15:17:00

So I'm still trying to find a work-around for this for existing VMs.

Its seems extremely stupid on CentOS's part to have pushed this update knowing full well it's due to a previous bug that has since been addressed using a work-around (hence the shim) - as this will obviously break existing VMs configured with that work around - without also including some kind of instruction as to what needs to be done to patch existing VMs using the work-around.

Since previously it was impossible to create a CentOS VM in Hyper-V without disabling Secure Boot, I would expect that any "fixes" would account for this in some way. It seems like the attitude from that bug thread is "I found a way around it so it's okay, let's push the update, screw everyone else".

As of right now, there doesn't seem to be a way to both update and successfully reboot the machine. It's unclear if I can just remove the shimx64.efi from the Hyper-V boot order and the enable Secure Boot (since it apparently works correctly now) or if more configuration is required.

enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by enseva » 2018/10/02 16:37:06

I've found a work-around for this. I'm not sure why, but /boot/efi/EFI/centos was *empty*.

After the update, some files are dropped in there, but rebooting w/that results in the broken boot.

Copying the contents of /boot/efi/EFI/BOOT/ to /boot/efi/EFI/centos and rebooting resolves the issue.

cp -r /boot/efi/EFI/BOOT/* /boot/efi/EFI/centos

enseva
Posts: 25
Joined: 2018/09/29 18:30:50

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by enseva » 2018/10/03 16:39:46

I see that this was quietly fixed without any acknowledgement from CentOS.

Doing a yum update now correctly puts files previously found in /boot/efi/EFI/BOOT into /boot/efi/EFI/centos.

This is a significant issue that likely affected MANY people using a Hyper-V environment.

Can we please get a public acknowledgement and explanation of this issue?


This is incorrect.

It is, correct, however, EFI has a long history of bugs in CentOS that seem to display the exact issue I'm having. It is also correct that recent updates seem to have changed the boot configuration with no warning.
Last edited by enseva on 2018/10/04 15:32:38, edited 2 times in total.

User avatar
avij
Forum Moderator
Posts: 2722
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by avij » 2018/10/03 16:45:48

enseva wrote:
2018/10/03 16:39:46
I see that this was quietly fixed without any acknowledgement from CentOS.

Doing a yum update now correctly puts files previously found in /boot/efi/EFI/BOOT into /boot/efi/EFI/centos.

This is a significant issue that likely affected MANY people using a Hyper-V environment.

Can we please get a public acknowledgement and explanation of this issue?
Perhaps your testing was flawed. No updates have been released in the last few days.

User avatar
TrevorH
Forum Moderator
Posts: 23879
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by TrevorH » 2018/10/03 16:49:56

Code: Select all

[root@trevor4 ~]# repoquery -l shim-x64
/boot/efi/EFI/BOOT/BOOTX64.EFI
/boot/efi/EFI/BOOT/fallback.efi
/boot/efi/EFI/BOOT/fbx64.efi
/boot/efi/EFI/centos/BOOT.CSV
/boot/efi/EFI/centos/BOOTX64.CSV
/boot/efi/EFI/centos/MokManager.efi
/boot/efi/EFI/centos/mmx64.efi
/boot/efi/EFI/centos/shim.efi
/boot/efi/EFI/centos/shimx64-centos.efi
/boot/efi/EFI/centos/shimx64.efi
Still the same as it was. Plus, shim-x64 packages still on the mirrors dated 29-Aug-2018 18:01
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

User avatar
avij
Forum Moderator
Posts: 2722
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland
Contact:

Re: Failed to open \EFI\centos\grubx64.efi - Not Found

Post by avij » 2018/10/03 19:18:07

enseva wrote:
2018/09/29 21:46:57
It appears this issue is related to Hyper-V and the creation of templates which require the following to be run before using that VM as a base for the template:

grub-install --target=x86_64-efi --efi-directory=/boot/efi --no-nvram --removable

I'm not clear why a yum update would result in breaking the EFI config in that case, though.
The kicker is that there's no grub-install in CentOS 7. If you have been using someone else's grub-install that does not know about CentOS paths to manage CentOS boot configuration, I'm not surprised that there are issues. I don't know what your grub-install binary does, but it could, conceivably, use some other path than /boot/efi/EFI/centos for the UEFI boot config. You may be able to get some information about your grub-install if you run rpm -qif $( which grub-install ) but chances are that your grub-install is not packaged into a rpm. In that case which grub-install may show something, like an unusual path for the binary.

Post Reply