Failure to upgrade after a reinstalls on UEFI systems #12300
Description
Bug Report
Description
On UEFI systems, Talos sets the LoaderEntryDefault EFI variable to pin a
specific UKI version (e.g., Talos-v1.11.5~9.efi) for systemd-boot. If the
system is later reinstalled by flashing a new qcow2 or raw image over the
previous one, this EFI variable is not cleared and becomes stale. Then,
subsequent Talos upgrades fail (see logs below).
The upgrade process appears to be disrupted by the stale EFI variable pointing
to an old, non-existent version, which prevents it from correctly setting the
new boot entry. This leaves Talos in a state where it cannot be upgraded
without manually clearing up the stale EFI variable.
This issue is particularly problematic in bare-metal cloud environments where
"bring your own image" (BYOI) is used for installation, as these processes
typically don't wipe EFI variables.
One possible solution could be to clear up systemd-boot EFI variables on first
boot, or set the LoaderEntryDefault to the currently loaded UKI, but this
won't help users currently in a broken state.
Logs
$ talosctl --talosconfig ./talosconfig -n 192.168.122.170 -e 192.168.122.170 upgrade -i factory.talos.dev/metal-installer/9f14d3d939d420f57d8ee3e64c4c2cd29ecb6fa10da4e1c8ac99da4b04d5e463:v1.11.5 --debug
[…]
192.168.122.170: user: warning: [2025-11-28T16:29:00.725472867Z]: [talos] phase upgrade (9/13): 1 tasks(s)
192.168.122.170: user: warning: [2025-11-28T16:29:00.725504867Z]: [talos] task upgrade (1/1): starting
192.168.122.170: user: warning: [2025-11-28T16:29:00.725525867Z]: [talos] task upgrade (1/1): performing upgrade via "factory.talos.dev/metal-installer/9f14d3d939d420f57d8ee3e64c4c2cd29ecb6fa10da4e1c8ac99da4b04d5e463:v1.11.5"
192.168.122.170: user: warning: [2025-11-28T16:29:00.804300867Z]: 2025/11/28 16:29:00 running Talos installer v1.11.5
192.168.122.170: user: warning: [2025-11-28T16:29:00.807894867Z]: 2025/11/28 16:29:00 system disk wipe on upgrade is not supported anymore, option ignored
192.168.122.170: user: warning: [2025-11-28T16:29:00.810397867Z]: 2025/11/28 16:29:00 running pre-flight checks
192.168.122.170: user: warning: [2025-11-28T16:29:00.811489867Z]: 2025/11/28 16:29:00 host Talos version: v1.11.5
192.168.122.170: user: warning: [2025-11-28T16:29:00.811499867Z]: 2025/11/28 16:29:00 all pre-flight checks successful
192.168.122.170: user: warning: [2025-11-28T16:29:00.814956867Z]: 2025/11/28 16:29:00 probing bootloader on "/dev/vda"
192.168.122.170: user: warning: [2025-11-28T16:29:00.816990867Z]: 2025/11/28 16:29:00 GRUB: BOOT partition not found, skipping probing
192.168.122.170: user: warning: [2025-11-28T16:29:00.819465867Z]: 2025/11/28 16:29:00 sd-boot: found UKI files: [Talos-v1.11.5~2.efi Talos-v1.11.5~3.efi]
192.168.122.170: user: warning: [2025-11-28T16:29:00.822158867Z]: 2025/11/28 16:29:00 sd-boot: LoaderEntryDefault: Talos-v1.11.5~9.efi
192.168.122.170: user: warning: [2025-11-28T16:29:00.822164867Z]: 2025/11/28 16:29:00 sd-boot: found boot entry: Talos-v1.11.5~9.efi
192.168.122.170: user: warning: [2025-11-28T16:29:00.822620867Z]: Error: failed to probe bootloader on upgrade: sd-boot: no valid sd-boot config found, cannot continue
192.168.122.170: user: warning: [2025-11-28T16:29:00.822631867Z]: Usage:
192.168.122.170: user: warning: [2025-11-28T16:29:00.822636867Z]: installer install [flags]
192.168.122.170: user: warning: [2025-11-28T16:29:00.822639867Z]:
192.168.122.170: user: warning: [2025-11-28T16:29:00.822642867Z]: Flags:
192.168.122.170: user: warning: [2025-11-28T16:29:00.822645867Z]: -h, --help help for install
192.168.122.170: user: warning: [2025-11-28T16:29:00.822649867Z]:
192.168.122.170: user: warning: [2025-11-28T16:29:00.822652867Z]: Global Flags:
192.168.122.170: user: warning: [2025-11-28T16:29:00.822655867Z]: --arch string The target architecture (default "amd64")
192.168.122.170: user: warning: [2025-11-28T16:29:00.822659867Z]: --board string Deprecated: no op (default "none")
192.168.122.170: user: warning: [2025-11-28T16:29:00.822663867Z]: --bootloader Deprecated: no op (default true)
192.168.122.170: user: warning: [2025-11-28T16:29:00.822666867Z]: --config string The value of talos.config
192.168.122.170: user: warning: [2025-11-28T16:29:00.822670867Z]: --disk string The path to the disk to install to
192.168.122.170: user: warning: [2025-11-28T16:29:00.822673867Z]: --extra-kernel-arg stringArray Extra argument to pass to the kernel
192.168.122.170: user: warning: [2025-11-28T16:29:00.822677867Z]: --force Indicates that the install should forcefully format the partition
192.168.122.170: user: warning: [2025-11-28T16:29:00.822681867Z]: --meta metaValueSlice A key/value pair for META (default [])
192.168.122.170: user: warning: [2025-11-28T16:29:00.822684867Z]: --platform string The value of talos.platform
192.168.122.170: user: warning: [2025-11-28T16:29:00.822688867Z]: --upgrade Indicates that the install is being performed by an upgrade
192.168.122.170: user: warning: [2025-11-28T16:29:00.822691867Z]: --zero Indicates that the install should write zeros to the disk before installing
192.168.122.170: user: warning: [2025-11-28T16:29:00.822696867Z]:
192.168.122.170: user: warning: [2025-11-28T16:29:00.822698867Z]: failed to probe bootloader on upgrade: sd-boot: no valid sd-boot config found, cannot continue
192.168.122.170: kern: info: [2025-11-28T16:29:00.825786867Z]: vda: vda1 vda2 vda4 vda5
Environment
- Talos version: v1.11.5 and v1.12.0-beta.0
- Kubernetes version: not relevant
- Platform: metal