[PATCH] Set BootPolicy to FALSE on LoadImage() to fix sporadic boot failures
32 views
Skip to first unread message
Jan Kiszka
Mar 9, 2026, 3:59:30 AM (6 days ago) Mar 9
to EFI Boot Guard, Matthias Goldammer
From: Jan Kiszka <jan.k...@siemens.com>
The failures were reported from the firmware that ESXi 8 is shipping:
Sporadically, LoadImage returned "file not found" after warm reboots.
And that is likely related to BootPolicy being set to TRUE as the issue
disappears after setting it to FALSE.
Setting BootPolicy to TRUE is, according to the UEFI spec, excluding the
use of EFI_LOAD_FILE2_PROTOCOL while resolving the provided file path.
The parameter is furthermore characterized such that TRUE "indicates
that the request originates from the boot manager, and that the boot
manager is attempting to load DevicePath as a boot selection". That does
not apply to our usage, and it is also set to FALSE by other
bootloaders, namely grub and systemd-boot.
The change setting it to TRUE originates from a modification that
pre-dated our open source publication. The commit was adding label
support to the kernel path but was not explaining why that required to
flip BootPolicy.
Consequently, it is best to swim with the stream of other bootloaders
and set it to FALSE.
Reported-by: Matthias Goldammer <matthias....@siemens.com>
Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.c b/main.c
index b1bbc56..83cbcab 100644
--- a/main.c
+++ b/main.c
@@ -200,7 +200,7 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *system_table)
}
/* Load and start image */
- status = BS->LoadImage(TRUE, this_image, payload_dev_path, NULL, 0,
+ status = BS->LoadImage(FALSE, this_image, payload_dev_path, NULL, 0,
&payload_handle);
if (EFI_ERROR(status)) {
if (bg_loader_params.ustate == USTATE_TESTING) {
--
2.47.3
The failures were reported from the firmware that ESXi 8 is shipping:
Sporadically, LoadImage returned "file not found" after warm reboots.
And that is likely related to BootPolicy being set to TRUE as the issue
disappears after setting it to FALSE.
Setting BootPolicy to TRUE is, according to the UEFI spec, excluding the
use of EFI_LOAD_FILE2_PROTOCOL while resolving the provided file path.
The parameter is furthermore characterized such that TRUE "indicates
that the request originates from the boot manager, and that the boot
manager is attempting to load DevicePath as a boot selection". That does
not apply to our usage, and it is also set to FALSE by other
bootloaders, namely grub and systemd-boot.
The change setting it to TRUE originates from a modification that
pre-dated our open source publication. The commit was adding label
support to the kernel path but was not explaining why that required to
flip BootPolicy.
Consequently, it is best to swim with the stream of other bootloaders
and set it to FALSE.
Reported-by: Matthias Goldammer <matthias....@siemens.com>
Signed-off-by: Jan Kiszka <jan.k...@siemens.com>
---
main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.c b/main.c
index b1bbc56..83cbcab 100644
--- a/main.c
+++ b/main.c
@@ -200,7 +200,7 @@ EFI_STATUS efi_main(EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *system_table)
}
/* Load and start image */
- status = BS->LoadImage(TRUE, this_image, payload_dev_path, NULL, 0,
+ status = BS->LoadImage(FALSE, this_image, payload_dev_path, NULL, 0,
&payload_handle);
if (EFI_ERROR(status)) {
if (bg_loader_params.ustate == USTATE_TESTING) {
--
2.47.3
Reply all
Reply to author
Forward
0 new messages