[Bug 2043995] [NEW] fix grub-install to not write modules to /boot before we know we have a valid disk target

Steve Langasek 2043995 at bugs.launchpad.net
Mon Nov 20 14:27:25 UTC 2023 

Public bug reported:

grub2 2.04-1ubuntu26.2 in 2020 introduced a workaround in focal for the
fact that grub2 would write updated modules to /boot/grub, and only
afterwards check that it had a valid disk target for installation of the
first stage bootloader, with the result that if the debconf config for
grub was outdated and points at a device that no longer exists, and
there is ABI skew between the 1st/2nd stage bootloader and the grub
modules from the new package, the system becomes unbootable because it
is unable to load modules from the /boot filesystem, and rollback is not
possible (LP: #1889556).

This was supposed to be a workaround, but the work was never done to fix
grub-install behavior to avoid this detectable and avoidable failure.

We need grub-install to validate the target disk, and if it is
unavailable, abort BEFORE updating /boot/grub with incompatible
contents.

Once this is done, the postinst hack that skips grub-install for grub-pc
should be dropped.

** Affects: grub2 (Ubuntu)
     Importance: High
         Status: New

** Affects: grub2 (Ubuntu Noble)
     Importance: High
         Status: New


** Tags: foundations-todo

** Tags added: foundations-todo

** Changed in: grub2 (Ubuntu)
   Importance: Undecided => High

** Also affects: grub2 (Ubuntu Noble)
   Importance: High
       Status: New

** Changed in: grub2 (Ubuntu Noble)
    Milestone: None => ubuntu-24.04-beta

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2043995

Title:
  fix grub-install to not write modules to /boot before we know we have
  a valid disk target

Status in grub2 package in Ubuntu:
  New
Status in grub2 source package in Noble:
  New

Bug description:
  grub2 2.04-1ubuntu26.2 in 2020 introduced a workaround in focal for
  the fact that grub2 would write updated modules to /boot/grub, and
  only afterwards check that it had a valid disk target for installation
  of the first stage bootloader, with the result that if the debconf
  config for grub was outdated and points at a device that no longer
  exists, and there is ABI skew between the 1st/2nd stage bootloader and
  the grub modules from the new package, the system becomes unbootable
  because it is unable to load modules from the /boot filesystem, and
  rollback is not possible (LP: #1889556).

  This was supposed to be a workaround, but the work was never done to
  fix grub-install behavior to avoid this detectable and avoidable
  failure.

  We need grub-install to validate the target disk, and if it is
  unavailable, abort BEFORE updating /boot/grub with incompatible
  contents.

  Once this is done, the postinst hack that skips grub-install for grub-
  pc should be dropped.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2043995/+subscriptions

More information about the foundations-bugs mailing list