EFI message on boot persists

Help
1

I have a weird issue that I’ve tried to debug and fix but I’ve exhausted my knowledge on the topic.

Regular flow during boot up

  1. Nixos generation select screen
  2. zfs prompt for password for the root fs
  3. rest of system bring up
  4. login screen

Issue
In the last couple months, between steps 1 and 2 I briefly see a message that says:

EFI stub: Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path
EFI stub: Measured initrd data into PCR 9

It disappears and the prompt for my zfs password takes over. However, once i3/xserver decides to put my display to sleep, that message/screen comes to the forefront again and I’m unable to get back to my i3 session.

Attempts to solve that didn’t work

  • I’ve tried updating my BIOS but since this isn’t a bug in the BIOS the issue remains
  • Setting initrd.systemd.enable = true;
  • PCR 9 is controlled by the TPM typically so I tried disabling the TPM but that just removes the second line of the message
  • I’ve set boot.consoleLogLevel to 3 and 0
  • I’ve set initrd.verbose = false
  • I’ve set the quiet kernel param. Interestingly this resulted in no message being shown but a black screen that persisted.

The last one in particular makes me think this issue is that a “different” console is being used in stage 1 (or whatever that stage is) and not properly dismissed for some reason. Does that make any sense?

My configuration 
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

{ config, pkgs, ... }:

let
  xmodmap = pkgs.writeText ".Xmodmap" ''
    keycode 66 = Multi_key
    clear Lock
  '';
in {
  require = [ ../scripts.nix ./packages.nix ./crate.nix ../master.nix ];

  imports = [
    ./hardware-configuration.nix
    (fetchTarball
      "https://github.com/msteen/nixos-vscode-server/tarball/master")
  ];

  fileSystems."/home/adam/Source" = {
    device = "shire/source";
    fsType = "zfs";
  };

  fileSystems."/home/adam/Projects" = {
    device = "shire/projects";
    fsType = "zfs";
  };

  boot = rec {
    kernelPackages = pkgs.linuxPackages_6_1;
    extraModulePackages = [ kernelPackages.v4l2loopback ];
    zfs.requestEncryptionCredentials = true;

    kernelParams = [ "intel_iommu=on" "i915.force_probe=4680" ]; 
    kernelModules = [
      "v4l2loopback"
      "kvm-intel"
      "vfio_virqfd"
      "vfio_pci"
      "vfio_iommu_type1"
      "vfio"
    ];
    extraModprobeConfig = "options vfio-pci ids=10de:2487,10de:228b";

    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
      grub.copyKernels = true;
    };

    supportedFilesystems = [ "zfs" ];
    kernel.sysctl = {
      "dev.i915.perf_stream_paranoid" = 0;
      "net.ipv4.ip_forward" = 1;
      "net.ipv6.conf.all.forwarding" = 1;
    };
  };

  nixpkgs.config.allowUnfree = true;

  nix = {
    settings = {
      auto-optimise-store = true;
      allowed-users = [ "@wheel" ];
    };
    gc = {
      automatic = true;
      dates = "weekly";
      options = "--delete-older-than 30d";
    };
  };

  time.timeZone = "America/New_York";

  networking = {
    interfaces = { enp8s0 = { wakeOnLan.enable = true; }; };
    firewall = {
      enable = true;
      allowedTCPPorts = [ 3000 8080 ];
      allowedUDPPorts = [ 41641 ];
      checkReversePath = "loose";
    };
    hostId = "47ffe1b9"; # head -c4 /dev/urandom | od -A none -t x4
    hostName = "fin";
    iproute2.enable = true;
    wireless = { iwd = { enable = true; }; };
  };

  fonts = {
    enableDefaultPackages = true;
    # Give fonts to 32-bit binaries too (e.g. steam).
    fontconfig.cache32Bit = true;
    packages = with pkgs; [
      hack-font
      google-fonts
      liberation_ttf
      open-sans
      roboto
      roboto-mono
    ];
  };

  sound.enable = true;
  hardware.pulseaudio.enable = false;
  hardware.logitech.wireless.enable = true;
  hardware.i2c.enable = true;

  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver # LIBVA_DRIVER_NAME=iHD
      vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
      vaapiVdpau
      libvdpau-va-gl
    ];
  };

  security.polkit.enable = true;
  programs.dconf.enable = true;
  programs.zsh.enable = true;
  programs.ssh.startAgent = true;
  programs.light.enable = true;
  programs.gnupg.agent.enable = true;

  users.users.adam = {
    isNormalUser = true;
    extraGroups = [ "docker" "wheel" "lp" "video" "audio" "libvirtd" ];
    shell = pkgs.zsh;
  };

  services = {
    vscode-server.enable = true;
    syncthing = {
      enable = true;
      user = "adam";
      dataDir = "/home/adam/Sync";
      configDir = "/home/adam/.config/syncthing";
      settings = {
        devices = {
          astromech = {
            id =
              "ITT5GJ7-2YMQNSL-6L5WYRA-FC3YPAO-ON6WKRT-HO27JBK-WVZGPCT-UTCEJQO";
          };
        };
        folders = {
          "/home/adam/Shared" = {
            id = "x2lgj-4mf6q";
            devices = [ "astromech" ];
            label = "Shared";
          };
        };
      };
    };

    xserver = {
      layout = "us";
      enable = true;
      libinput.enable = true;

      desktopManager = { xterm.enable = false; };

      displayManager = {
        defaultSession = "none+i3";
        sessionCommands = "${pkgs.xorg.xmodmap}/bin/xmodmap ${xmodmap}";
      };

      windowManager.i3 = {
        enable = true;
        extraPackages = with pkgs; [
          rofi # application launcher most people use
          i3status # gives you the default i3 status bar
        ];
      };
    };
    lorri.enable = true;
    mpdscribble = {
      enable = true;
      endpoints = {
        "last.fm" = {
          username = "skimpson";
          passwordFile = "/home/adam/lastfm-pass";
        };
      };
    };
    tailscale.enable = true;
    gnome.sushi.enable = true;
    printing = {
      enable = true;
      drivers = [ pkgs.brlaser ];
    };
    openssh.enable = true;
    gnome.gnome-keyring.enable = true;

    zfs = {
      autoSnapshot.enable = true;
      autoScrub.enable = true;
    };

    timesyncd = {
      enable = true;
      servers = [ "time.google.com" ];
    };

    acpid.enable = true;
    colord.enable = true;
    fwupd.enable = true;
    cron.enable = true;
    pipewire = {
      enable = true;
      alsa.enable = true;
      alsa.support32Bit = true;
      pulse.enable = true;
    };

    udev = {
      extraRules = ''
        LABEL="gmk pro regular user access"
        SUBSYSTEMS=="usb", ATTRS{idVendor}=="320f", ATTRS{idProduct}=="5044", TAG+="uaccess"
      '';
    };
  };

  virtualisation = {
    spiceUSBRedirection.enable = true;
    libvirtd = {
      enable = true;

      qemu = {
        package = pkgs.qemu_kvm;
        runAsRoot = true;
        swtpm.enable = true;
        ovmf = {
          enable = true;
          packages = [ pkgs.OVMFFull.fd ];
        };
      };
    };

    docker = {
      enable = true;
      autoPrune.enable = true;
    };
  };

  security.pam = {
    u2f.enable = true;
    u2f.cue = true;
    u2f.authFile = "/home/adam/.config/Yubico/u2f_keys";

    services = {
      login.u2fAuth = true;
      login.fprintAuth = false;
      lightdm.u2fAuth = true;
      sudo.u2fAuth = true;
      sudo.fprintAuth = false;
      lightdm.enableGnomeKeyring = true;
      login.enableGnomeKeyring = true;
    };
  };

  system.autoUpgrade.enable = true;
  system.autoUpgrade.channel = "https://nixos.org/channels/nixos-unstable";

  environment.etc."polkit-gnome-authentication-agent-1".source =
    "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";

  #environment.etc."X11/xorg.conf.d/20-intel.conf" = {};
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
}```

Thanks in advance!

2

The message is likely a red herring; this is most likely a graphics driver bug.

Check journalctl after wakeup.

What kind of GPU is this?

1 Like
3

Intel UHD Graphics 770 built into a 12600-k.

journalctl doesn’t have anything of note when I let the display sleep and then attempt to wake it.

4

I don’t believe so, this is a normal EFI stub message. I get it too.

5

It would be helpful to post the full command line with which you booted and experimented this.

Let us know what happens when quiet loglevel=3 is set, which should be the baseline for this.

6

I think red-herring about the message just means the message isn’t indicative of a bug. It’s just a regular log type message.

7

Is there a better place to see the full command line than my configuration file?

8

@RaitoBezarius I believe the question isn’t about the EFI message happening at all; it’s about it coming back and staying there when X puts the display to sleep.

1 Like
9

Could you post it anyways? Only from the point on where the suspend to ram shut down the CPUs.

You mean the kernel command line? /proc/cmdline.

That’s what I meant @RaitoBezarius.

10

Apologies, you folks are right! :slight_smile:

1 Like
11

Sorry for the delay, work is back in full swing :slight_smile:

Sorry, I wasn’t clear. It never suspends to ram, it just turns the display off after a period of inactivity.

Thanks for the path! Currently it’s:
initrd=\efi\nixos\mr0939adp2arvmrh3yrygvkfmpm7vh47-initrd-linux-6.1.45-initrd.efi init=/nix/store/w3ndc1dbqw9whbryxxnii8c6f9558qyw-nixos-system-fin-23.11pre514857.caac0eb6bdca/init intel_iommu=on i915.force_probe=4680 nohibernate loglevel=4

12

FWIW, I get the same message at early boot. It appears in a different font and so on from the first kernel messages, and there’s something odd about the display of the first few lines of kernel messages when they appear. I think it looks like the EFI messages are “on top” of the kernel lines, kind of masking them out, but it’s all very quick before the framebuffer gets cleared again.

I could feed the screen into a HDMI capture to be sure, but the point is mostly that this text is visibly being drawn differently into the framebuffer (maybe into the cursor plane? I dunno what else would explain the masking of later text), and that difference may cause some issue for your display. It doesn’t for mine, though - no issues later.

13

IIUC, this text is being written by the EFI stub that the kernel ships, meaning it’s just writing to the UEFI text console, not using the kernel’s own console infrastructure.

1 Like
14

Yeah, exactly, but the issue is more with the result of where and how that lands in the framebuffer / display via those differing methods.

15

Sounds right but why would it hang around then?