Page 2 of 3

Re: kernel 3.10.0-1127.18.2 / grub 2-2.02-0.86 break UEFI boot

Posted: 2020/07/31 21:58:53
by mathog
Is this only for UEFI or can it bite a BIOS system too?

We have some CentOS 7 systems at work which are older Dell's using BIOS instead of UEFI. There were automatic updates on 7/30

Code: Select all

Jul 30 08:02:45 Updated: grub2-common.noarch 1:2.02-0.86.el7.centos
Jul 30 08:02:46 Updated: grub2-tools-minimal.x86_64 1:2.02-0.86.el7.centos
Jul 30 08:02:46 Updated: grub2-tools.x86_64 1:2.02-0.86.el7.centos
Jul 30 08:02:46 Updated: grub2-tools-extra.x86_64 1:2.02-0.86.el7.centos
Jul 30 08:02:47 Updated: grub2-pc-modules.noarch 1:2.02-0.86.el7.centos
Jul 30 08:02:47 Updated: grub2-pc.x86_64 1:2.02-0.86.el7.centos
Jul 30 08:02:47 Updated: kernel-tools-libs.x86_64 3.10.0-1127.18.2.el7
Jul 30 08:02:48 Updated: kernel-tools.x86_64 3.10.0-1127.18.2.el7
Jul 30 08:02:48 Updated: grub2.x86_64 1:2.02-0.86.el7.centos
Jul 30 08:02:48 Updated: python-perf.x86_64 3.10.0-1127.18.2.el7
Jul 30 08:03:22 Installed: kernel-devel.x86_64 3.10.0-1127.18.2.el7
Jul 30 08:03:24 Updated: kernel-headers.x86_64 3.10.0-1127.18.2.el7
Jul 30 08:03:35 Installed: kernel.x86_64 3.10.0-1127.18.2.el7

but there are no RPMs for grub2-efi, shim or mokutil.

Safe???

Thanks.

Uefi CentOS 8 installation becomes unbootable

Posted: 2020/08/01 09:08:58
by gertje
Today the CentOS 7 new grub2 shim-x64 and mokutil are released.
Will we hit the same problem (unbootable systems after upgrade) as with the 8.2 updates regarding grub2?

Please advise!
rgds

Re: kernel 3.10.0-1127.18.2 / grub 2-2.02-0.86 break UEFI boot

Posted: 2020/08/01 11:47:26
by TrevorH
There were CentOS 7 updates released at the same time as the CentOS 8 ones and have been available for several days. And, yes, these also have the potential to break grub so I would personally recommend either not applying them or testing them on identical hardware prior to updating production machines (and even then it appears that it might work in some cases and not in others).

There are no fixed packages available yet. Red Hat believe they have found the cause but it requires rebuilding a new shim and that has to be digitally signed by Microsoft to be acceptable to UEFI machines in secure boot mode everywhere. That introduces a delay into the availability of the fixed version.

Re: kernel 3.10.0-1127.18.2 / grub 2-2.02-0.86 break UEFI boot

Posted: 2020/08/01 12:10:36
by man_beach
larry.fahnoe wrote:
2020/07/31 12:48:00
Once you boot the CentOS CD/DVD, use Troubleshooting and then Rescue to get to the point where you will be able to access your filesystems. I don't do this often either and did not make notes of the prompts from the CentOS boot disk, but Troubleshooting and Rescue are the keywords to look for. The steps I posted earlier are then what you need to follow to downgrade the errant packages and be able to reboot. The only complication is that you'll likely need to set up networking manually, so before you go there, record your IP, net mask, and default gateway so that you can manually add those once you've booted off the CD. You may also need to set the nameserver IP in /etc/resolv.conf. Once you can ping something like www.google.com, you're good to go with the necessary yum downgrade command. If you did make changes to /etc/resolv.conf, once yum finishes downgrading the packages, revert resolv.conf to its original setting. Good luck & take heart that the process really isn't that difficult.

--Larry
My original disk was the live version - there is no Rescue option under Troubleshooting. I have a minimal disk which does have a rescue option under Troubleshooting and managed to connect to the network but trying to downgrade gives an error message
File "/usr/bin/yum", line 28, in <module> import yummain ImportError: No module named yummain

I must admit I'm getting pretty annoyed with this. I suppose my best bet would be to download the most recent ISO (probably take the opportunity to upgrade to CentOS8 while I'm at it), reinstall and not do any updates until it's fixed.

Re: kernel 3.10.0-1127.18.2 / grub 2-2.02-0.86 break UEFI boot

Posted: 2020/08/01 19:17:10
by Starrbuck
The ISO made into a USB stick works great for recovering. That's what I used when this happened to me on my CentOS 7 system on Thursday.

Re: kernel 3.10.0-1127.18.2 / grub 2-2.02-0.86 break UEFI boot

Posted: 2020/08/02 03:32:12
by unbelievable
I created a usb drive from the centos 7 minimal install disk and rescue mode gives the same yum error as above, is the minimal install iso not suitable for system recovery?

Re: kernel 3.10.0-1127.18.2 / grub 2-2.02-0.86 break UEFI boot

Posted: 2020/08/02 05:05:12
by unbelievable
quick fix seems to seems to work

boot centos 7 gnome live usb stick
switch to root
copy .EFI files from live system to non-working system /boot/efi/efi/boot & centos
reboot to prior kernel
yum history undo (last update/relevant update)
reboot
update every thing again accept relevant efi boot stuff

seems to work!

Is it safe to update fwupdate-efi or is that linked to the efi boot problems as well?

Re: kernel 3.10.0-1127.18.2 / grub 2-2.02-0.86 break UEFI boot

Posted: 2020/08/02 09:32:35
by Barmaglot
How do I set up networking in rescue environment? My system is an HPE ProLiant DL380 Gen10, I don't have a second similar system to copy files from, my network is an LACP bonded pair of ports, and the Red Hat article on setting up networking in rescue mode is behind paywall...

Re: kernel 3.10.0-1127.18.2 / grub 2-2.02-0.86 break UEFI boot

Posted: 2020/08/02 11:10:00
by TrevorH
You can read RH KB articles using a free Developer subscription. For more information on the free Red Hat Developer subscription please see https://developers.redhat.com/blog/2016 ... available/ with instructions for renewal on https://developers.redhat.com/articles/ ... scription/

Re: kernel 3.10.0-1127.18.2 / grub 2-2.02-0.86 break UEFI boot

Posted: 2020/08/02 13:18:21
by TrevorH
I am told the new shim packages have now been released for both CentOS 7 and 8. For 7 you need a shim package with version 15-8.el7 or higher. Since it's only just been released you will most likely need to do a `yum clean all` to re-fetch the yum metadata before the package shows up and even then it may not have reached all mirrors yet. This should just be a yum update to fix the problem.