EFI system partition

Last change on 2021-05-07 • Created on 2020-03-19

Introduction

The EFI system partition (or ESP) is an OS independent partition formatted in FAT12, FAT16 or FAT32 that acts as the storage place for the EFI bootloaders and drivers to be launched by the UEFI firmware, and it is mandatory for the UEFI boot.

Set up EFI system partition

Linux (using GRUB)

First, you need to change the partition table. Ensure that there is at least 200MB of unpartitioned space available on every disk. To create an ESP, you need to define the partition in the partition table. You can do this with gdisk.

$ gdisk /dev/nvme0n1
GPT fdisk (gdisk) version 1.0.3

Partition table scan:
  MBR: protective
  BSD: not present
  APM: not present
  GPT: present

Found valid GPT with protective MBR; using GPT.

Command (? for help):

The selected disk has a GPT partition table. Type in p to print out the current partiton table.

Command (? for help): p
Disk /dev/nvme0n1: 1000215216 sectors, 476.9 GiB
Model: SAMSUNG MZVLB512HAJQ-00000
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): 81C8DFEB-06A0-4164-84BC-B5F5D696B519
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 1000215182
Partitions will be aligned on 2048-sector boundaries
Total free space is 411614 sectors (201.0 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            2048       999805582   476.7 GiB   8300  Linux filesystem

Command (? for help):

In this case, there is only one partition with a size of 476.7 GiB where the OS is installed. Also, there is a total free space of 201.0 MiB which are unpartitioned. You will use these 200 MiB for the ESP. To create a new partition, type in n.

Command (? for help): n
Partition number (2-128, default 2):
First sector (34-1000215182, default = 999806976) or {+-}size{KMGTP}:
Last sector (999806976-1000215182, default = 1000215182) or {+-}size{KMGTP}:
Current type is 'Linux filesystem'
Hex code or GUID (L to show codes, Enter = 8300): EF00
Changed type of partition to 'EFI System'

Note: The ESP does not have to be at the beginning of the partition table. You only need to set the Hex code to EF00 and to use a minimum size of 200MiB.

When you're finished, you can write the partition table with w.

Command (? for help): w

Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!

Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/nvme0n1.
The operation has completed successfully.

To ensure that the partition table gets reloaded run partprobe.

The output of lsblk should look similar to this:

$ lsblk
NAME        MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
loop0         7:0    0     4G  1 loop
nvme0n1     259:0    0   477G  0 disk
├─nvme0n1p1 259:4    0   512M  0 part
├─nvme0n1p2 259:5    0 476.2G  0 part
└─nvme0n1p3 259:6    0   256M  0 part

NOTE

If the server has more than one disk in the system, then it is recommended to make the ESP in a RAID 1. The important thing in this case is to set --metadata=1.0 on the MD. This will write the MD metadata to the end of the partition and not to the start of the partition. This is needed in this case to give the UEFI firmware the ability to detect the ESP.

First, check the state of MD with cat /proc/mdstat. The output should look similar to this:

Personalities : [raid1] [raid10] [linear] [multipath] [raid0] [raid6] [raid5] [raid4]
md0 : active raid1 nvme0n1p1[1] nvme1n1p1[0]
      523712 blocks super 1.2 [2/2] [UU]

md1 : active raid1 nvme0n1p2[1] nvme1n1p2[0]
      1874716672 blocks super 1.2 [2/2] [UU]
      bitmap: 1/14 pages [4KB], 65536KB chunk

In this case, the next available "md-device" would be md2. You will use this for the ESP. Create the partition on every device as already described above.

Create the MD device like this. (You need to adapt the amount of raid-devices and the logical devices):

mdadm --create --verbose --level=1 --raid-devices=2 --metadata=1.0 /dev/md/2 /dev/nvme0n1p3 /dev/nvme1n1p3

After creating the MD device, generate the mdadm.conf.

mdadm --detail --scan /dev/md/2 >> /etc/mdadm/mdadm.conf

Format the freshly created partition with FAT32:

$ mkfs.vfat -F 32 /dev/nvme0n1p3 # or the md device
mkfs.fat 4.1 (2017-01-24)

Create the directory /boot/efi with mkdir /boot/efi.

Mount the ESP partition to /boot/efi with mount.

Get the UUID of the partition with blkid -o value -s UUID /dev/your_esp_partition_or_md_device and create a new fstab entry:

UUID=the_uuid_of_the_esp /boot/efi vfat umask=0077 0 1

To install the EFI boot binaries, you need to first install the EFI-GRUB bootloader.

On Debian/Ubuntu, it is grub-efi-amd64-bin; on CentOS, it is grub2-efi-x64.

Now you can install the EFI-GRUB bootloader:

$ # Ubuntu/Debian
$ grub-install --target=x86_64-efi --efi-directory=/boot/efi --no-floppy --no-nvram --removable

$ # CentOS
$ grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg

Windows

Since Windows Server 2012, Microsoft has provided a tool called mbr2gpt which automatically converts the partition table to GPT and also creates an ESP.

It is recommended you do this in a WinPE environment, but you can also do it in a running system.

Open an elevated command prompt (cmd) and run mbr2gpt /validate /allowFullOS. Note: /allowFullOS is only required when doing the conversion in the running system (no WinPE). The output should look similar to this:

C:\Windows\System32> mbr2gpt /validate /allowFullOS
MBR2GPT: Attempting to validate disk 0
MBR2GPT: Retrieving layout of disk
MBR2GPT: Validating layout, disk sector size is: 512 bytes
MBR2GPT: Validation completed successfully

Important: If the validation fails, then please abort here and check why it failed. If the disk is dynamic, then it is not possible to do this using this method.

If the validation succeeded, then continue with the conversion. You can do this with mbr2gpt /convert /allowFullOS. The output should look similar to this:

C:\Windows\System32> mbr2gpt /convert /allowFullOS
MBR2GPT will now attempt to convert the default book disk.
If conversion is successful the disk can only be booted in GPT mode.
These changes cannot be undone!

MBR2GPT: Attempting to convert disk 0
MBR2GPT: Retrieving layout of disk
MBR2GPT: Validating layout, disk sector size is: 512 bytes
MBR2GPT: Trying to shrink the OS partition
MBR2GPT: Creating the EFI system partition
MBR2GPT: Installing the new boot files
MBR2GPT: Performing the layout conversion
MBR2GPT: Migrating default boot entry
MBR2GPT: Adding recovery boot entry
MBR2GPT: Fixing drive letter mapping
MBR2GPT: Conversion completed successfully
MBR2GPT: Before the new system can boot properly you need to switch the firmware to boot to UEFI mode!

Now you can change the boot firmware to UEFI.

Table of Contents