From e7d06dede2c9df60148f12e7af162c0b196f4c12 Mon Sep 17 00:00:00 2001 From: Ivan Kapelyukhin Date: Tue, 8 Feb 2022 12:44:47 +0100 Subject: [PATCH] fix: unset initrdless_boot_fallback_triggered instead of setting it to 0 This fixes GCE shielded VM instances integrity monitoring failures on focal and later. Our images are built with an empty /boot/grub/grubenv file, however after the first boot `initrdless_boot_fallback_triggered` is set to 0. This change in `grubenv` results in integrity monitoring `lateBootReportEvent` error. It seems that the only thing that's checking for this `grubenv` variable is `grub-common.service`, and it is looking specifically for a `1` value: if grub-editenv /boot/grub/grubenv list | grep -q initrdless_boot_fallback_triggered=1; then echo "grub: GRUB_FORCE_PARTUUID set, initrdless boot paniced, fallback triggered."; fi Unsetting this variable instead of setting it to 0 would prevent issues with integrity monitoring.
---
 live-build/functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/live-build/functions b/live-build/functions
index b7ca1c6f..6341bf04 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -1137,7 +1137,7 @@ if [ -n "${have_grubenv}" ]; then
 if [ -n "${initrdfail}" ]; then
 set initrdless_boot_fallback_triggered="${initrdfail}"
 else
- set initrdless_boot_fallback_triggered=0
+ unset initrdless_boot_fallback_triggered
 fi
 save_env initrdless_boot_fallback_triggered
 fi
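Review bot: The `unset` line in the `else` branch carries no comment explaining why the variable is removed rather than set to 0, so a later cleanup could restore the explicit `0` and bring back the changed `grubenv` that the commit message ties to the `lateBootReportEvent` integrity-monitoring error. I would add above it `# unset, not 0: any stored value changes grubenv and shows up in shielded-VM integrity monitoring; grub-common.service only tests for =1`. The fix also relies on the following `save_env` dropping the entry for an unset variable rather than writing an empty value; that appears to be GRUB's behaviour, but it is worth confirming on the GRUB versions shipped in focal and later. The enclosing `if [ -n "${have_grubenv}" ]` block starts outside the hunk.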