Lubuntu/livecd-rootfs
3
0
Fork 0
mirror of https://git.launchpad.net/livecd-rootfs synced 2025-02-23 03:11:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: unset initrdless_boot_fallback_triggered instead of setting it to 0

Browse Source 
This fixes GCE shielded VM instances integrity monitoring failures on
focal and later. Our images are built with an empty /boot/grub/grubenv
file, however after the first boot `initrdless_boot_fallback_triggered`
is set to 0. This change in `grubenv` results in integrity monitoring
`lateBootReportEvent` error.

It seems that the only thing that's checking for this `grubenv` variable
is `grub-common.service`, and it is looking specifically for a `1`
value:

  if grub-editenv /boot/grub/grubenv list | grep -q
  initrdless_boot_fallback_triggered=1; then echo "grub:
  GRUB_FORCE_PARTUUID set, initrdless boot paniced, fallback triggered.";
  fi

Unsetting this variable instead of setting it to 0 would prevent issues
with integrity monitoring.
This commit is contained in:
Ivan Kapelyukhin 2022-02-08 12:44:47 +01:00
parent d92e2b9444
commit 50e32d93c0
No known key found for this signature in database
GPG Key ID: BD1EB02A07F55E39
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
live-build/functions
View File

@ -1141,7 +1141,7 @@ if [ -n "${have_grubenv}" ]; then
if [ -n "${initrdfail}" ]; then
set initrdless_boot_fallback_triggered="${initrdfail}"
else
set initrdless_boot_fallback_triggered=0
unset initrdless_boot_fallback_triggered
fi
save_env initrdless_boot_fallback_triggered
fi