Rocky 9 aarch64 deployment fails because of "grub2-install: error: This utility should not be used for EFI platforms because it does not support UEFI Secure Boot."

I created a Rocky 9 aarch64 image with Packer-maas and deployed it to an arm64 machine, but deployment failed with the following error.

Command: ['unshare', '--fork', '--pid', '--', 'chroot', '/tmp/tmpy7xf6hka/target', 'grub2-install', '--target=arm64-efi', '--efi-directory=/boot/efi', '--bootloader-id=rocky', '--recheck']
Exit code: 1
Reason: -
Stdout: ''
Stderr: Installing for arm64-efi platform.
        grub2-install: error: This utility should not be used for EFI platforms because it does not support UEFI Secure Boot. If you really wish to proceed, invoke the --force option.
        Make sure Secure Boot is disabled before proceeding.

I found a couple of posts and articles about a way to fix this error in rescue mode (see below), but I don’t know what to do with Maas or Packer-Maas to solve this issue.

# rm /boot/efi/EFI/rocky/grub.cfg
# rm /boot/grub2/grub.cfg
# dnf reinstall shim-* grub2-efi-* grub2-common

Could someone help me figure out the necessary steps to resolve this problem?

Just based on the error, have you checked the BIOS to see if secure boot is enabled?

Yes, I have before creating this thread.

Although English isn’t my native language, if you read the message carefully, it seems that grub2-install is designed to fail on any EFI platform unless you add the --force option. The message states, “This utility should not be used for EFI platforms because it does not support UEFI Secure Boot. If you really wish to proceed, invoke the --force option. Make sure Secure Boot is disabled before proceeding.”

To me, the error message indirectly says, “grub2-install isn’t aware of whether or not Secure Boot is enabled. It’s up to you to proceed, but you must add the --force option if you really want to,” which is puzzling to me…

On the other hand, the custom Rocky 9 amd64 (not arm64) image that I’ve created with packer-maas works fine on amd64 machines with EFI. So the problem seems like a bug in grub2-install when it is used with the “--target=arm64-efi” option, but I’m not so sure…

Is there a way to add “--force” in Curtin or a way to add these three commands before Curtin executes “grub2-install”?

# rm /boot/efi/EFI/rocky/grub.cfg
# rm /boot/grub2/grub.cfg
# dnf reinstall shim-* grub2-efi-* grub2-common

Can you please share the packer template/scripts you used to build the aarch64 image for MAAS?

You can overwrite the curtin template with a custom one, but I’m not an expert on what you will need to change.

sudo cp /var/snap/maas/current/preseeds/curtin_userdata_centos.sample /var/snap/maas/current/preseeds/curtin_userdata_rocky_amd64_generic_9

Thanks, @noama, for the comment here. I had actually posted a question for you on the GitHub issue a few weeks ago as I was investigating this. Please visit this link on GitHub to find out the changes I made.

https://ubuntu.com/blog/customising-maas-installs

I’m not sure if you’ve come across this blog post, but it has some examples of commands. I’m working on a similar issue with RHEL arm deployments. If I make any headway, I’ll post it to this discussion.

I used the changes in the diff from this issue and was able to get RHEL 9.5 and Rocky 9 to build successfully. I’m currently looking into the MAAS deployment issue as I hit the same grub2-efi error.

The function below, found in /usr/lib/python3/dist-packages/curtin/command/install_grub.py, may be able to solve the grub2-efi issue by adding --force. I’m still working to test this, but I figured I’d share where I’m at in my work to get RHEL/Rocky arm64 to deploy with MAAS.

    def gen_uefi_install_commands(grub_name, grub_target, grub_cmd, update_nvram,
                                  distroinfo, devices, target):
        if grub_cmd == GRUB_MULTI_INSTALL:

            # ....omitted for brevity...

            # grub-multi-install is called with no arguments
            install_cmds.append([grub_cmd])
        elif grub_cmd:
            install_cmds.append(
                [grub_cmd, '--target=%s' % grub_target,
                 '--efi-directory=%s' % efidir, '--bootloader-id=%s' % bootid,
                 '--recheck', '--force'] + ([] if update_nvram else ['--no-nvram']))
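
The post above appends --force unconditionally, while the grub2-install message asks that Secure Boot be disabled first. As an added example (not curtin's code and not written by any poster in this thread), the sketch below adds --force only after reading the firmware's SecureBoot variable. The helper names `parse_secureboot`, `secure_boot_state` and `grub_install_cmd` are hypothetical, and it assumes efivarfs is mounted at /sys/firmware/efi/efivars in the environment where the check runs.

```python
# Added example: gate grub2-install's --force on the firmware's Secure Boot state.
# Helper names are hypothetical; this is not curtin code.

# SecureBoot under the EFI global-variable GUID, as exposed by Linux efivarfs.
SECUREBOOT_VAR = ("/sys/firmware/efi/efivars/"
                  "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")


def parse_secureboot(raw):
    """efivarfs prefixes the data with 4 attribute bytes; the SecureBoot
    payload is one byte: 1 = enabled, 0 = disabled."""
    if len(raw) < 5:
        raise ValueError("truncated SecureBoot variable: %r" % raw)
    return raw[4] == 1


def secure_boot_state(path=SECUREBOOT_VAR):
    """True/False when readable, None when the variable is absent
    (legacy boot, efivarfs not mounted, or firmware without Secure Boot)."""
    try:
        with open(path, "rb") as f:
            return parse_secureboot(f.read())
    except FileNotFoundError:
        return None


def grub_install_cmd(grub_cmd, grub_target, efidir, bootid,
                     update_nvram, sb_enabled):
    """Build the argv shown in the post; add --force only when Secure Boot
    was positively read as disabled."""
    if sb_enabled is True:
        raise RuntimeError("Secure Boot is enabled; refusing to pass --force "
                           "to %s" % grub_cmd)
    cmd = [grub_cmd, '--target=%s' % grub_target,
           '--efi-directory=%s' % efidir, '--bootloader-id=%s' % bootid,
           '--recheck']
    if sb_enabled is False:
        cmd.append('--force')
    # Unknown state (None): leave --force off so grub2-install fails loudly.
    return cmd + ([] if update_nvram else ['--no-nvram'])


if __name__ == "__main__":
    print(grub_install_cmd('grub2-install', 'arm64-efi', '/boot/efi',
                           'rocky', True, secure_boot_state()))
```
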