What to do if a Linux CentOS update broke the GRUB2 EFI boot loader

Some RHEL 8 and CentOS 8 users have experienced problems after installing yesterday's GRUB2 bootloader update, which fixes a critical vulnerability. The problems show up as an inability to boot after installing the updates, including on systems without UEFI Secure Boot.

On some systems (for example, HP ProLiant XL230k Gen1 without UEFI Secure Boot) the problem appears even on a freshly installed minimal RHEL 8.2 configuration. After updating the packages and rebooting, the system freezes and does not even show the GRUB menu. Similar boot problems have been reported for RHEL 7 and CentOS 7, as well as for Ubuntu and Debian.

After running yum update on CentOS, a surprise may be waiting at the next restart: a bricked server that hangs on the BIOS splash screen.

The issue was reported on forums and in bug trackers in July 2020. It appears to affect all systems with a UEFI boot loader and is relevant at least for CentOS 7.8 and 8.2.

The problem shows up when the server is rebooted: it hangs on the BIOS splash screen, and at first it is not clear what is happening. There are no errors and no console; grub simply hangs on the BIOS splash screen.

The solution

If the server has not been rebooted since the update, it is enough to roll back the updated grub2 packages and their dependencies to avoid getting a brick at the next restart:

yum downgrade 'grub2*' 'shim*' mokutil

However, if the server has already been rebooted and has turned into a brick, restoring the boot loader requires a Live CD or a USB flash drive. The sequence of actions for rolling back the packages on a system that does not boot is as follows:

  • Boot from a Live CD (an image for version 7 can be downloaded here);
  • Configure the network;
  • Mount your root partition at /mnt/sysimage;
  • Mount the /boot partition at /mnt/sysimage/boot and /boot/efi at /mnt/sysimage/boot/efi;
  • Execute the following sequence of commands:
mount -o bind /dev/urandom /mnt/sysimage/dev/urandom
echo 'nameserver <DNS_SERVER_IP>' > /mnt/sysimage/etc/resolv.conf
chroot /mnt/sysimage
yum downgrade 'grub2*' 'shim*' mokutil

After that, the boot loader will be rolled back to the old version and the server should boot.

Excluding packages from update

So that the next update does not break the boot loader again, add the problematic packages to the exclusions (the line exclude=grub2* shim* mokutil) in the yum configuration file /etc/yum.conf.
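
One way to apply this exclusion without duplicating or overwriting an exclude= line that is already present. This is an added example, not part of the original article; the helper name ensure_exclude and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): idempotently add the exclude
# patterns quoted above to the [main] section of a yum.conf-style file.
WANT='grub2* shim* mokutil'   # patterns from the exclude= line above

ensure_exclude() {            # hypothetical helper; usage: ensure_exclude FILE
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v want="$WANT" '
    # Add a new exclude= line if [main] ended without one.
    function add_missing() { if (inmain && !done) { print "exclude=" want; done = 1 } }
    /^\[/ { add_missing(); inmain = ($0 ~ /^\[main\]/) }
    inmain && /^exclude[ \t]*=/ {
        # Merge: keep existing patterns, append only the missing ones.
        val = $0; sub(/^exclude[ \t]*=[ \t]*/, "", val)
        n = split(val, have, /[ \t,]+/)
        for (i = 1; i <= n; i++) seen[have[i]] = 1
        m = split(want, w, " ")
        for (i = 1; i <= m; i++)
            if (!(w[i] in seen)) val = ((val == "") ? w[i] : (val " " w[i]))
        print "exclude=" val; done = 1; next
    }
    { print }
    END { add_missing() }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample file; pass a real path to edit that file instead.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '[main]' 'gpgcheck=1' 'exclude=kernel* shim*' \
        '[extras]' 'exclude=foo' > "$f"
    ensure_exclude "$f" && ensure_exclude "$f" && cat "$f"
    rm -f "$f"
}
if [ $# -gt 0 ]; then ensure_exclude "$1"; else demo; fi
```

The exclusion also holds back later fixed builds of grub2, shim and mokutil, so remove the patterns once a corrected update is available.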

Problematic package versions for CentOS 7, with which the UEFI boot loader is broken:



Source: habr.com and opennet.ru
