sbctl: `sbctl verify` returns `failed to find EFI system partition` even though it's there

Hi,

`sbctl verify` returns `failed to find EFI system partition` even though it’s there. Unmounting then mounting makes it work. There were no glaring issues with /efi (could read, write, no problem).

```
# cat /etc/fstab
UUID=F2D4-5BC4                                  /boot           vfat            rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro                                    0       2
UUID=F2D4-5BC4                                  /efi            vfat            rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro                                    0       2
```

Quick console session:

```
% findmnt /boot
TARGET SOURCE         FSTYPE OPTIONS
/boot  /dev/nvme0n1p1 vfat   rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro
% findmnt /efi
TARGET SOURCE         FSTYPE OPTIONS
/efi   /dev/nvme0n1p1 vfat   rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro
# sbctl verify
failed to find EFI system partition
% tree /efi
/efi
├── EFI
│   ├── Boot
│   │   └── BOOTX64.EFI
│   ├── Linux
│   │   ├── archlinux-linux-clear-fallback.efi
│   │   ├── archlinux-linux-clear.efi
│   │   ├── archlinux-linux-lts-fallback.efi
│   │   └── archlinux-linux-lts.efi
│   ├── memtest86
│   │   ├── Benchmark
│   │   ├── MemTest86-20221014-153419.log
│   │   ├── MemTest86-20230105-174348.log
│   │   ├── MemTest86.log
│   │   ├── blacklist.cfg
│   │   ├── memtestx64.efi
│   │   ├── mt86.png
│   │   └── unifont.bin
│   └── systemd
│       └── systemd-bootx64.efi
├── amd-ucode.img
├── f7522b4f7bc64ecb9c928c6a3f7e481e
├── initramfs-linux-clear-fallback.img
├── initramfs-linux-clear.img
├── initramfs-linux-lts-fallback.img
├── initramfs-linux-lts.img
├── key
├── loader
│   ├── entries
│   │   ├── memtest86-efi.conf
│   │   ├── toxo-clear-efi.conf.disabled
│   │   ├── toxo-clear.conf
│   │   ├── toxo-lts.conf
│   │   └── toxo-lts.conf_20221014T151752Z
│   ├── entries.srel
│   ├── loader.conf
│   └── random-seed
├── vmlinuz-linux-clear
└── vmlinuz-linux-lts
```

strace: https://gist.githubusercontent.com/moviuro/8e5f2553fca9e2612b11cb7dd5341eef/raw/df8e25b8cc3259c6e87abc3cc2c3c0ed81519c36/strace%2520sbctl%2520verify%2520(failed).txt

Remount and rerun:

```
# umount /efi
# mount /efi           # doesn't work with mount -o remount /efi
# sbctl verify
Verifying file database and EFI images in /efi...
✓ /boot/EFI/Linux/archlinux-linux-clear.efi is signed
✓ /boot/EFI/Linux/archlinux-linux-lts.efi is signed
✗ /efi/EFI/Boot/BOOTX64.EFI is not signed
✗ /efi/EFI/Linux/archlinux-linux-clear-fallback.efi is not signed
✗ /efi/EFI/Linux/archlinux-linux-lts-fallback.efi is not signed
✗ /efi/EFI/memtest86/memtestx64.efi is not signed
✗ /efi/EFI/systemd/systemd-bootx64.efi is not signed
✗ /efi/vmlinuz-linux-clear is not signed
✗ /efi/vmlinuz-linux-lts is not signed
```

strace: https://gist.githubusercontent.com/moviuro/2315b27c313a22d2b41018559482b27e/raw/809d6cb2b5d2de6171910cedc498ec061713ffe6/strace%2520sbctl%2520verify%2520(success).txt

About this issue

  • State: open
  • Created a year ago
  • Comments: 17 (9 by maintainers)

Most upvoted comments

Yes, so also check if it’s present in MOUNTPOINTS then. That should be a nice solution.
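
The check the comment above suggests, as an added example (not sbctl's own code): match a candidate ESP path against lsblk's `mountpoints` array as well as its single `mountpoint` field. The JSON sample is constructed to resemble the double mount of one partition on /boot and /efi from the report, the names `espAt` and `mountedESP` are hypothetical, and it assumes an lsblk that emits the MOUNTPOINTS column.

```go
package main

import (
	"encoding/json"
	"fmt"
	"slices"
)

// GPT partition type GUID of an EFI system partition.
const espPartType = "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"

// blockDev holds the lsblk --json fields this check reads.
type blockDev struct {
	PartType    string     `json:"parttype"`
	MountPoint  string     `json:"mountpoint"`  // one path only
	MountPoints []string   `json:"mountpoints"` // every path the device is mounted on
	Children    []blockDev `json:"children"`
}

// Constructed sample: one ESP on /boot and /efi; mountpoint carries only /boot.
const sampleLsblk = `{"blockdevices":[{"parttype":null,"mountpoint":null,
 "mountpoints":[null],"children":[{"parttype":"c12a7328-f81f-11d2-ba4b-00a0c93ec93b",
 "mountpoint":"/boot","mountpoints":["/boot","/efi"]}]}]}`

// mountedESP reports whether an ESP in devs is mounted at path; mountpoints is
// consulted in addition to mountpoint only when allMounts is true.
func mountedESP(devs []blockDev, path string, allMounts bool) bool {
	for _, d := range devs {
		hit := d.MountPoint == path || (allMounts && slices.Contains(d.MountPoints, path))
		if d.PartType == espPartType && hit {
			return true
		}
		if mountedESP(d.Children, path, allMounts) {
			return true
		}
	}
	return false
}

// espAt parses lsblk JSON and checks one candidate path.
func espAt(lsblkJSON, path string, allMounts bool) bool {
	var out struct{ BlockDevices []blockDev `json:"blockdevices"` }
	err := json.Unmarshal([]byte(lsblkJSON), &out)
	return err == nil && mountedESP(out.BlockDevices, path, allMounts)
}

func main() {
	fmt.Println(espAt(sampleLsblk, "/efi", false), espAt(sampleLsblk, "/efi", true))
}
```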