-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sys-boot/grub: Move to portage-stable, bump to 2.12, add Red Hat patches #2301
Conversation
Do you have local changes to
|
The other point: we need a kola test to ensure that the tpm2 eventlog is present and accessible... |
Build action triggered: https://github.com/flatcar/scripts/actions/runs/10845879989 |
Can you expand on this? I haven't changed the config yet, but I was vaguely aware that there's Also, do we want to make that switch right now? I was thinking we might be able to merge these changes ahead of the wider Secure Boot work. |
Looking at the code, I think cmd_linux =
grub_register_command ("linux", grub_cmd_linux,
0, N_("Load Linux."));
cmd_linuxefi =
grub_register_command ("linuxefi", grub_cmd_linux,
0, N_("Load Linux.")); |
We can now use Gentoo's upstream ebuild, save for a few small overrides in a separate env file. This bumps GRUB from 2.06 to 2.12, but with Red Hat's large patch set applied, which is needed for Secure Boot. The existing two Flatcar patches have been rebased. Gentoo's patches are discarded because they conflict and are not relevant to Flatcar. Signed-off-by: James Le Cuirot <[email protected]>
ec4d39a
to
cd1621c
Compare
We're discussing whether the Red Hat patches are actually needed in flatcar/Flatcar#630, but FWIW, Jenkins has actually passed now. |
The amd64 image is now 621KB larger, with most of the increases in /boot, which is very concerning. Dropping the Red Hat patches may help, but I suspect there will still be an increase. Coupled with potential increases to the initrd (which I'm trying to lessen), this could be a real issue. |
Closing in favour of #2318. |
grub: Move to portage-stable, 2.12 bump, add RH patches
We can now use Gentoo's upstream ebuild, save for a few small overrides in a separate env file.
This bumps GRUB from 2.06 to 2.12, but with Red Hat's large patch set applied, which is needed for Secure Boot. The existing two Flatcar patches have been rebased. Gentoo's patches are discarded because they conflict and are not relevant to Flatcar.
How to use
Build an image and try it out. Alternatively, take an existing image, replace grubx64.efi in the first partition, and test with UEFI. You can build grubx64.efi by installing sys-boot/grub to the host and the board root (
--nodeps
should be okay), tweaking the grub_install.sh script, and running the following command.Instructions on how to update the Red Hat patches are included in the README.
Testing done
A Jenkins run passes and local testing with QEMU amd64 works. The amd64 image is about 621KB larger, with most of the increases in /boot, which is very concerning, but not entirely surprising.
changelog/
directory (user-facing change, bug fix, security fix, update)/boot
and/usr
size, packages, list files for any missing binaries, kernel modules, config files, kernel modules, etc.