Lubuntu
/
livecd-rootfs
mirror of https://git.launchpad.net/livecd-rootfs
3
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: unset initrdless_boot_fallback_triggered instead of setting it to 0

Browse Source 
This fixes GCE shielded VM instances integrity monitoring failures on
focal and later. Our images are built with an empty /boot/grub/grubenv
file, however after the first boot `initrdless_boot_fallback_triggered`
is set to 0. This change in `grubenv` results in integrity monitoring
`lateBootReportEvent` error.

It seems that the only thing that's checking for this `grubenv` variable
is `grub-common.service`, and it is looking specifically for a `1`
value:

  if grub-editenv /boot/grub/grubenv list | grep -q
  initrdless_boot_fallback_triggered=1; then echo "grub:
  GRUB_FORCE_PARTUUID set, initrdless boot paniced, fallback triggered.";
  fi

Unsetting this variable instead of setting it to 0 would prevent issues
with integrity monitoring.
ubuntu/impish
Ivan Kapelyukhin 3 years ago
parent 28c85b9703
commit e7d06dede2
No known key found for this signature in database
GPG Key ID: BD1EB02A07F55E39
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
live-build/functions
Unescape View File

@ -1137,7 +1137,7 @@ if [ -n "${have_grubenv}" ]; then
if [ -n "${initrdfail}" ]; then if [ -n "${initrdfail}" ]; then
set initrdless_boot_fallback_triggered="${initrdfail}" set initrdless_boot_fallback_triggered="${initrdfail}"
else else
set initrdless_boot_fallback_triggered=0 unset initrdless_boot_fallback_triggered
fi fi
save_env initrdless_boot_fallback_triggered save_env initrdless_boot_fallback_triggered
fi fi

Write Preview
Loading…
Cancel
Save