Trigger a bootupd update before landing latest 6.9 kernel update in Fedora CoreOS #1752
Comments
|
I tested installing Fedora Silverblue 39 and updating to latest commit which comes with the 6.9 kernel and it failed to boot. It's likely that it will fail as well for FCOS. We might not see that in the tests as the bootloader there is always up-to-date as it's a fresh installation. Maybe the upgrade tests will show it. |
|
Note: I won't be there for the meeting today |
|
Just to sanity-check, as expected I can confirm this also affects FCOS. Booting from an f38 image and rebasing to testing-devel (which already has kernel 6.9):
The last few Secure Boot upgrade tests are currently failing, but on what seems to be an unrelated issue. It needs to be looked at. (Or maybe that is what it's failing on; the console logs appear truncated so it's hard to tell.) We did force a bootloader update recently-ish, but only on aarch64. And even then, it's not clear whether it addresses this (when did the fixed e.g. shim/grub enter Fedora 39?). |
For reference, this is the PR where we did this: coreos/fedora-coreos-config#2308. |
|
And it looks like systemd supports |
|
This was discussed today in the community meeting and the following plan was decided :
We will also use the opportunity of this barrier release to fix the aleph issue mentionned above, as this needs fixing to be able to update the bootloader anyway. See the meeting logs for more details : https://meetbot.fedoraproject.org/meeting-1_matrix_fedoraproject-org/2024-06-26/fedora-coreos-meeting.2024-06-26-16.30.log.html |
jbtrystram
added
status/pending-action
|
Should we do some special sauce to detect RAID setups that we currently don't support in bootupd? |
|
Pr to pin kernel 6.8 in testing-devel : coreos/fedora-coreos-config#3041 |
looking at #1485 (comment) |
kernel 6.9 won't boot on system installed prior to F39, as shim is too old. Shim 15.8-3 reached stable on 2023-03-21, so any system using secureboot installed before that won't be able to boot kernel 6.9 See coreos/fedora-coreos-tracker#1752 fedora-silverblue/issue-tracker#543
kernel 6.9 won't boot on system installed prior to F39, as shim is too old. Shim 15.8-3 reached stable on 2023-03-21, so any system using secureboot installed before that won't be able to boot kernel 6.9 See coreos/fedora-coreos-tracker#1752 fedora-silverblue/issue-tracker#543
|
PR with the bootloader update (and aleph fix) : coreos/fedora-coreos-config#3042 |
kernel 6.9 won't boot on system installed prior to F39, as shim is too old. Shim 15.8-3 reached stable on 2023-03-21, so any system using secureboot installed before that won't be able to boot kernel 6.9 See coreos/fedora-coreos-tracker#1752 fedora-silverblue/issue-tracker#543
kernel 6.9 won't boot on system installed prior to F39, as shim is too old. Shim 15.8-3 reached stable on 2023-03-21, so any system using secureboot installed before that won't be able to boot kernel 6.9 See coreos/fedora-coreos-tracker#1752 fedora-silverblue/issue-tracker#543
kernel 6.9 won't boot on system installed prior to F39, as shim is too old. Shim 15.8-3 reached stable on 2023-03-21, so any system using secureboot installed before that won't be able to boot kernel 6.9 See coreos/fedora-coreos-tracker#1752 fedora-silverblue/issue-tracker#543
Yes, good point. I think we should for completeness. |
|
That's a good question and I don't know the answer. I think we'll have to provision an FCOS system with various RAID setups and look at the device configurations. |
|
Added more info re. RAID in coreos/fedora-coreos-config#3042 (comment). Yes, those labels are reliable. The only RAID1 we can try to support is the one we setup ourselves via the mirror Butane sugar. Those labels are defined there: https://github.com/coreos/butane/blob/d26d80317825a24f482d9c6cca2fa80181e0082f/config/fcos/v1_3/translate.go#L165 |
kernel 6.9 won't boot on system installed prior to F39, as shim is too old. Shim 15.8-3 reached stable on 2023-03-21, so any system using secureboot installed before that won't be able to boot kernel 6.9 See coreos/fedora-coreos-tracker#1752 fedora-silverblue/issue-tracker#543
kernel 6.9 won't boot on system installed prior to F39, as shim is too old. Shim 15.8-3 reached stable on 2023-03-21, so any system using secureboot installed before that won't be able to boot kernel 6.9 See coreos/fedora-coreos-tracker#1752 fedora-silverblue/issue-tracker#543
kernel 6.9 won't boot on system installed prior to F39, as shim is too old. Shim 15.8-3 reached stable on 2023-03-21, so any system using secureboot installed before that won't be able to boot kernel 6.9 See coreos/fedora-coreos-tracker#1752 fedora-silverblue/issue-tracker#543
kernel 6.9 won't boot on system installed prior to F39, as shim is too old. Shim 15.8-3 reached stable on 2023-03-21, so any system using secureboot installed before that won't be able to boot kernel 6.9 See coreos/fedora-coreos-tracker#1752 fedora-silverblue/issue-tracker#543
The 6.9 kernel won't boot on systems installed prior to F39, as the shim is too old. Add a systemd unit that updates the bootloader on those machines. Manually handle systems with mirrored ESPs. See also: coreos/fedora-coreos-tracker#1752 Fixes: fedora-silverblue/issue-tracker#543 Co-authored-by: Jonathan Lebon <[email protected]>
The 6.9 kernel won't boot on systems installed prior to F39, as the shim is too old. Add a systemd unit that updates the bootloader on those machines. Manually handle systems with mirrored ESPs. See also: coreos/fedora-coreos-tracker#1752 Fixes: fedora-silverblue/issue-tracker#543 Co-authored-by: Jonathan Lebon <[email protected]>
The 6.9 kernel won't boot on systems installed prior to F39, as the shim is too old. Add a systemd unit that updates the bootloader on those machines. Manually handle systems with mirrored ESPs. See also: coreos/fedora-coreos-tracker#1752 Fixes: fedora-silverblue/issue-tracker#543 Co-authored-by: Jonathan Lebon <[email protected]>
marmijo
added
the
status/pending-testing-release
…stems" This reverts commit 8dd5b81. We've shipped this in a barrier release now. See also: coreos/fedora-coreos-tracker#1752
This reverts commit 7b89c45. We've shipped this in a barrier release now. See also: coreos/fedora-coreos-tracker#1752
This reverts commit 8d4e788. Now that we shipped bootloader updates for Secure Boot systems, we no longer need to pin to v6.8. See also: coreos/fedora-coreos-tracker#1752
|
Revert in coreos/fedora-coreos-config#3054. |
…stems" This reverts commit 8dd5b81. We've shipped this in a barrier release now. See also: coreos/fedora-coreos-tracker#1752
This reverts commit 7b89c45. We've shipped this in a barrier release now. See also: coreos/fedora-coreos-tracker#1752
This reverts commit 8d4e788. Now that we shipped bootloader updates for Secure Boot systems, we no longer need to pin to v6.8. See also: coreos/fedora-coreos-tracker#1752
travier
added
the
status/pending-stable-release
|
The fix for this went into testing stream release |
marmijo
removed
the
status/pending-testing-release
|
With the revert done and the fix landed in testing, I think we can close this one now. |
|
The fix for this went into |
marmijo
removed
status/pending-stable-release
Describe the bug
We have to make sure everyone gets their bootloader updated before we land the 6.9 kernel in FCOS.
See fedora-silverblue/issue-tracker#543
Reproduction steps
Update to 6.9 kernel.
Expected behavior
System boots with Secure Boot enabled
Actual behavior
It doesn't
System details
N/A
Butane or Ignition config
N/AAdditional information
No response
The text was updated successfully, but these errors were encountered: