Grub Boot Hole Crash

From Michael's Information Zone

I was hit with the BootHole patch crash[1] on my personal server. Before I really knew what to do about it I had destroyed my boot partition trying to recover. The official steps from Red Hat[2] are to downgrade grub, shim, and mokutil, then exclude them from updates. However, they quickly released a fixed shim file[3], which was really the only problem package. In the following I downgraded the others as well.

Before I knew what was going on I got frustrated and deleted the contents of my /boot, figuring I needed to learn how to recover this kind of failure. Then I went through the process.[4]

  • First I booted off install media and entered into recovery.[5][6]
  • Then I bound the install media to sysimage
mkdir /mnt/sysimage/install
mount --bind /mnt/install/repo/BaseOS /mnt/sysimage/install
chroot /mnt/sysimage
  • I then removed all the old kernels, leaving just the latest one installed (4.18.0-193.14.2.el8_2). This was to simplify the process as I didn't need the old kernels anyway.
  • After creating a test.repo config file pointing to the /install directory, I then downgraded the packages and re-installed the bootloader
dnf --repo install downgrade grub2\* shim\* mokutil
grub2-install /dev/sda
  • Though I was going to rebuild initramfs and vmlinuz, I realized the scripts for doing this run when installing a kernel. Though I tried to reinstall the kernel nothing would happen. Eventually I realized there is a difference between kernel and kernel-core
dnf reinstall kernel-core -y
  • Great, now I have the basic folder structure and initial boot files. However, if I try to reboot I get the grub command line, at which point I have to manually boot.
set root=(hd0,gpt2)
linuxefi /vmlinuz-4.18.0-193.14.2.el8_2.x86_64 root=/dev/mapper/OS-root
initrdefi /initramfs-4.18.0-193.14.2.el8_2.x86_64.img
boot
  • Silly me, I didn't run the grub2-mkconfig to output to the correct directory on boot. After adding the following I was able to boot again.
grub2-mkconfig -o /boot/grub2/grub.cfg
grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
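
A check that can be run inside the chroot before rebooting, added here as an example and not part of the original page: it confirms that the kernel, initramfs and both grub.cfg files produced by the steps above exist and are non-empty. The function names and the ROOT argument are assumptions made for this example; the paths and kernel version are the ones quoted above.

```bash
#!/bin/sh
# Added example, not from the original page.
# Pre-reboot sanity check for the files the recovery steps recreate.
# Paths are the ones quoted on the page; ROOT lets the check run against
# a mounted system image (for example /mnt/sysimage) as well as "/".

# Print every expected boot file that is missing or empty under ROOT.
missing_boot_files() {
    root=$1
    kver=$2
    for f in \
        "boot/vmlinuz-$kver" \
        "boot/initramfs-$kver.img" \
        "boot/grub2/grub.cfg" \
        "boot/efi/EFI/centos/grub.cfg"
    do
        # -s is true only if the file exists and is larger than zero bytes
        [ -s "$root/$f" ] || printf '%s\n' "/$f"
    done
}

# Return 0 only when nothing is missing; otherwise list the gaps on stderr.
boot_ready() {
    missing=$(missing_boot_files "$1" "$2")
    [ -z "$missing" ] && return 0
    # Unquoted on purpose: one output line per missing path.
    printf 'missing or empty: %s\n' $missing >&2
    return 1
}
```

Inside the chroot, `boot_ready / 4.18.0-193.14.2.el8_2.x86_64` returns non-zero and names the file if grub2-mkconfig wrote its output to the wrong path or the kernel-core reinstall did not populate /boot.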