On Sun, Dec 6, 2015 at 8:05 AM, drago01 <drag...@gmail.com> wrote: > On Wed, Dec 2, 2015 at 4:30 AM, Andrew Lutomirski <l...@mit.edu> wrote: >> Since the old proposal to have the bootloader automatically enumerate >> boot options never went anywhere, can we do the next best thing? >> >> Specifically, these days grub2-mkconfig appears to produce output >> that's functionally identical to what grubby generates. Can we switch >> new-kernel-pkg to just regenerate the grub2 config using >> grub2-mkconfig instead of using grubby? >> >> Debian has worked like this forever, and IMO it's superior in pretty >> much all respects. There are already nice config hooks for making >> custom changes, and they're a lot more reliable than trusting grubby >> to do what you expect it to do. > > Well mkconfig can produce a configuration that does not actually work > when grub2 itself gets updated (in which case the bootloader does not > get rewritten).
Hypothetically on BIOS systems, a GRUB core.img [1] could become stale over time, and an upgraded grub-mkconfig could introduce an incompatible format change, but that's really unlikely and wouldn't be intentional. This isn't possible on UEFI. Any update of grub2-efi means the core.img is replaced with a generically built one (that's also signed by a Fedora key for the purposes of supporting UEFI Secure Boot). > Until this is fixed grub2-mkconfig is dangerous and should not be used. That's such an overstatement as to be wrong. Pretty much all other distributions have been doing this for a long time to no ill effect. On a BIOS computer, a Fedora upgrade (fedup or dnf-plugin-system-upgrade) will lack generation of a new core.img, where a new installation will have a new core.img (and new grub.cfg). So there's a risk of problems due to core.img becoming increasingly stale with successful upgrades rather than reinstalls. But since grubby is responsible for modifying rather than replacing grub.cfg with grub-mkconfig, it's probably less of a concern than the lack of bug and security fixes going into the core.img. [1] The code embedded into the MBR gap, or BIOSBoot partition; a.k.a. GRUB legacy terminology was stage 2 bootloader. It's created and embedded by the grub2-install command; which is unnecessary (and arguably deprecated) on UEFI systems. -- Chris Murphy -- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
