CentOS 8 UEFI image is unbootable
Bug #1893029 reported by Michal Nasiadka
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
diskimage-builder | Incomplete | Undecided | Michal Nasiadka |
Bug Description
Diskimage-builder built images for CentOS 8 end up in grub shell when booted via UEFI.
After package-installs run with grub2 element, CentOS is not UEFI bootable.
New grub2-efi-* packages put grubenv as a link to /boot/efi/
if previous grubenv file exists - it won't move it, just leave the link as
grubenv.rpmnew. This leads to unbootable system via UEFI.
It seems that after CVE-2020-10713 (famous BootHole) some changes were introduced, and now grubenv needs to be linked to /boot/efi/
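A way to check a built image for the layout described in this report, as an added example that is not part of the bug report or of diskimage-builder: it classifies grubenv inside a mounted image root. The `/boot/grub2` directory, the state names, the function names and the `EFI/example` placeholder are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify the grubenv layout inside a mounted image root.
# Assumption: grubenv lives in <root>/boot/grub2; the report does not name the directory.

grubenv_state() {
    root=${1%/}
    env="$root/boot/grub2/grubenv"
    if [ -L "$env" ]; then
        # Symlink targets are relative to /boot/grub2, so ../efi/ means /boot/efi/.
        case "$(readlink "$env")" in
            /boot/efi/*|../efi/*) echo "linked-to-esp" ;;
            *)                    echo "linked-elsewhere" ;;
        esac
    elif [ -f "$env" ] && [ -L "$env.rpmnew" ]; then
        # The state from the report: old file kept, package's link parked as .rpmnew.
        echo "stale-file-with-rpmnew-link"
    elif [ -f "$env" ]; then
        echo "regular-file"
    else
        echo "missing"
    fi
}

# Build a constructed tree reproducing the reported layout and classify it.
# "EFI/example" is a placeholder directory name, not taken from the report.
demo_broken_tree() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/boot/grub2" "$tmp/boot/efi/EFI/example"
    : > "$tmp/boot/efi/EFI/example/grubenv"
    echo "# pre-existing grubenv" > "$tmp/boot/grub2/grubenv"
    ln -s ../efi/EFI/example/grubenv "$tmp/boot/grub2/grubenv.rpmnew"
    grubenv_state "$tmp"
    rm -rf "$tmp"
}

# Usage: sh check-grubenv.sh /path/to/mounted/image/root
if [ "$#" -gt 0 ]; then
    grubenv_state "$1"
fi
```

A result of `stale-file-with-rpmnew-link` matches the condition the report describes; `linked-to-esp` is the layout the report says the new packages expect.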
summary:
- CentOS 8 UEFI image is unbeatable
+ CentOS 8 UEFI image is unbootable
Changed in diskimage-builder:
assignee: nobody → Michal Nasiadka (mnasiadka)
status: New → In Progress
Changed in diskimage-builder:
status: In Progress → Incomplete
OK, unfortunately I can't replicate this. I am building basically the smallest image
DIB_RELEASE=8 disk-image-create vm centos-minimal block-device-efi
and then I import that into virt-manager, switch the firmware type to EFI and boot it. It works for me from master. So I'm not sure what exactly is wrong.
The important grub bits I'm seeing installing are
---
2020-09-01 04:43:08.136 | > Installing : grub2-common-1:2.02-87.el8_2.noarch 11/107
2020-09-01 04:43:08.136 | > Installing : grub2-tools-minimal-1:2.02-87.el8_2.x86_64 20/107
2020-09-01 04:43:52.715 | > Installing : grub2-tools-1:2.02-87.el8_2.x86_64 69/107
2020-09-01 04:44:06.214 | Installing : grub2-tools-extra-1:2.02-87.el8_2.x86_64 3/8
2020-09-01 04:44:06.219 | Installing : grub2-pc-modules-1:2.02-87.el8_2.noarch 4/8
2020-09-01 04:44:06.266 | Installing : grub2-efi-x64-1:2.02-87.el8_2.x86_64 6/8
2020-09-01 04:44:06.399 | Installing : grub2-pc-1:2.02-87.el8_2.x86_64 7/8
2020-09-01 04:44:06.407 | Installing : grub2-efi-x64-modules-1:2.02-87.el8_2.noarch 8/8
---
I think this has the CVE changes? How are you building the images?