# Encrypted ZFS root - boot broken



## cmoerz (Oct 31, 2021)

I've just had a "wonderful" time thanks to whoever maintains zfs - after doing a `zpool upgrade`, it told me to do


> gpart bootcode -b /boot/pmbr -p /boot/gptboot -i1 ada0s1


It didn't even tell me that this will break my EFI boot. Granted, I was stupid to simply believe what I read and to do it anyway, since it says "mbr" in there.

Here comes the confusing part: I restarted with an installation USB media, went to shell and tried different approaches after importing my encrypted pool (`geli attach` and `zfs mount zroot/ROOT/default`):

- `gpart bootcode -p /boot/boot1.efi -i1 ada0` did not restore boot capability.
- After realizing I could not mount my EFI partition, and reading that `/boot/boot1.efifat` is supposedly the contents of the EFI partition, I dd'ed that onto ada0p1 - I could again mount ada0p1 as msdosfs, but still could not boot.
- What restored boot capabilities for me: I dd'ed the "EFI" partition from the USB installation media onto my "EFI" partition. Somehow, not even the EFI partition on that USB media is fat32, as I could not mount that one either. Still, it restored boot - I can again boot as usual after entering my password.

And I just realized - I also re-enabled MBR boot in BIOS; I should probably check whether it's actually that which "repaired" my broken setup...

Can someone explain what's going on with EFI boot in conjunction with encrypted ZFS? Why is this no longer a dos partition, or did the original `gpart` call just screw everything up for good?

In other posts, that `gpart bootcode` command is hailed as the solution - why did it not fix it? Did something change? I'm still on 12.2-p10, so I'd assume not much should have changed?

PS. Hurrah... my 100th message on this forum...


----------

