EFI system partition

Last change on 2020-05-19 • Created on 2020-03-19

Introduction

The EFI system partition (or ESP) is an OS independent partition formatted in FAT12, FAT16 or FAT32 that acts as the storage place for the EFI bootloaders and drivers to be launched by the UEFI firmware and it is mandatory for the UEFI boot.

Setup EFI system partition

Linux (using GRUB)

The Partition table has to be changed first. Ensure that there is at least 200MB of not partitioned space available on every disk. To create an ESP, the partition needs to get defined in the partition table. This can be done with gdisk.

$ gdisk /dev/nvme0n1
GPT fdisk (gdisk) version 1.0.3

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.

Command (? for help):

The selected disk does have a GPT Partition table. Type in p to print out the current partiton table.

Command (? for help): p
Disk /dev/nvme0n1: 1000215216 sectors, 476.9 GiB
Model: SAMSUNG MZVLB512HAJQ-00000
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): 81C8DFEB-06A0-4164-84BC-B5F5D696B519
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 1000215182
Partitions will be aligned on 2048-sector boundaries
Total free space is 411614 sectors (201.0 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048       999805582   476.7 GiB   8300  Linux filesystem

Command (? for help):

In this case, there is only one partition with a size of 476.7 GiB where the OS is installed. Also, there is a total free space of 201.0 MiB which are unpartitioned. These 200 MiB will be used for the ESP. To create a new partition, type in n.

Command (? for help): n
Partition number (2-128, default 2):
First sector (34-1000215182, default = 999806976) or {+-}size{KMGTP}:
Last sector (999806976-1000215182, default = 1000215182) or {+-}size{KMGTP}:
Current type is 'Linux filesystem'
Hex code or GUID (L to show codes, Enter = 8300): EF00
Changed type of partition to 'EFI System'

Please Note: The ESP does not have to be at the beginning of the partition table. The only need is to set the Hex code to EF00 and to use a minimum size of 200MiB.

When finished, the partition table can be written with w.

Command (? for help): w

Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!

Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/nvme0n1.
The operation has completed successfully.

To ensure that the partition table gets reloaded run partprobe.

The output of lsblk can now look like this:

$ lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
loop0         7:0    0     4G  1 loop
nvme0n1     259:0    0   477G  0 disk
├─nvme0n1p1 259:4    0   512M  0 part
├─nvme0n1p2 259:5    0 476.2G  0 part
└─nvme0n1p3 259:6    0   256M  0 part

NOTE

If the server has more than one disk in the system, then it is recommended to make the ESP in a RAID 1. The important thing in this case is to set --metadata=1.0 on the MD. This will write the MD metadata to the end of the partition and not to the start of the partition. This is needed in this case to give the UEFI firmware the ability to detect the ESP.

First, check with cat /proc/mdstat the state of MD. The output can be like this:

Personalities : [raid1] [raid10] [linear] [multipath] [raid0] [raid6] [raid5] [raid4]
md0 : active raid1 nvme0n1p1[1] nvme1n1p1[0]
      523712 blocks super 1.2 [2/2] [UU]

md1 : active raid1 nvme0n1p2[1] nvme1n1p2[0]
      1874716672 blocks super 1.2 [2/2] [UU]
      bitmap: 1/14 pages [4KB], 65536KB chunk

In this case, the next available "md-device" would be md2. This will be used for the ESP. Create the partition on every device as already described above.

Create the md device like this (the amount of raid-devices and the logical devices needs to get adopted):

mdadm --create --verbose --level=1 --raid-devices=2 --metadata=1.0 /dev/md/2 /dev/nvme0n1p3 /dev/nvme1n1p3

After creation, the mdadm.conf should be generated.

mdadm --detail --scan /dev/md/2 >> /etc/mdadm/mdadm.conf

Format the fresh-created partition with FAT32:

$ mkfs.vfat -F 32 /dev/nvme0n1p3 # or the md device
mkfs.fat 4.1 (2017-01-24)

Create the directory /boot/efi with mkdir /boot/efi.

Mount the ESP partition to /boot/efi with mount.

Get the UUID of the partition with blkid -o value -s UUID /dev/your_esp_partition_or_md_device and create a new fstab entry:

UUID=the_uuid_of_the_esp /boot/efi vfat umask=0077 0 1

To install the EFI boot binaries, the EFI-GRUB bootloader needs to be installed first.

On Debian/Ubuntu it is grub-efi-amd64-bin, on CentOS it is grub2-efi-x64.

Now the EFI-GRUB bootloader can be installed:

$ # Ubuntu/Debian
$ grub-install --target=x86_64-efi --efi-directory=/boot/efi --no-floppy --no-nvram --removable

$ # CentOS
$ grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

Windows

Microsoft offers since Windows Server 2012 a tool called mbr2gpt which automatically convert's the partition table to GPT and also creates an ESP.

It is recommended to do this in a WinPE Environment but it can be also done in a running system.

Open an elevated Command prompt (cmd) and run mbr2gpt /validate /allowFullOS. Please note that /allowFullOS is only required when doing the convertion in the running system (no WinPE). The output should be like this:

C:\Windows\System32> mbr2gpt /validate /allowFullOS
MBR2GPT: Attempting to validate disk 0
MBR2GPT: Retrieving layout of disk
MBR2GPT: Validating layout, disk sector size is: 512 bytes
MBR2GPT: Validation completed successfully

Important: If the validation fails, then please abort here and check why it fails. If the disk is dynamic then there is no posibility to do this on this way.

If the validation succeeded, then continue with the convertion. This can be done with mbr2gpt /convert /allowFullOS. The output should be like this:

C:\Windows\System32> mbr2gpt /convert /allowFullOS
MBR2GPT will now attempt to convert the default book disk.
If conversion is successful the disk can only be booted in GPT mode.
These changes cannot be undone!

MBR2GPT: Attempting to convert disk 0
MBR2GPT: Retrieving layout of disk
MBR2GPT: Validating layout, disk sector size is: 512 bytes
MBR2GPT: Trying to shrink the OS partition
MBR2GPT: Creating the EFI system partition
MBR2GPT: Installing the new boot files
MBR2GPT: Performing the layout conversion
MBR2GPT: Migrating default boot entry
MBR2GPT: Adding recovery boot entry
MBR2GPT: Fixing drive letter mapping
MBR2GPT: Conversion completed successfully
MBR2GPT: Before the new system can boot properly you need to switch the firmware to boot to UEFI mode!

Now the boot firmware can be changed to UEFI.

Table of Contents