Distributions usually use some distro-specific means to record the
bootloader location for future updates (like debconf,
/etc/default/grub_installdevice or similar). Unfortunately those means
are not widely known, but it is very easy to hit an Internet post that
recommends "grub-install /dev/sda" as the ultimate grub repair tool.

The problem is that this will work ... until the next grub update. Then,
depending on the bootloader location recorded in the distro configuration
database, the core.img used for booting starts to diverge from the modules
in /boot/grub, with unpredictable effects.

The last confirmed example is here:

https://forums.opensuse.org/showthread.php/520709-Opensuse-13-2-Howto-set-password-for-single-user-mode-in-grub2?p=2797852#post2797852

Does anyone think this is a problem (I obviously do)?

I see several possible steps to mitigate it.

1. Define grub install locations in /etc/default/grub and have
grub-install use them. This way distributions can converge on using it,
which makes grub-install safer.

Cons - users will still hit Internet articles that recommend explicit
device names years from now.

2. Use some form of checksum and verify it during module load. Similar
to what the Linux kernel does.

Pros - guarantees that a module built for a different kernel will fail to
load, making it obvious instead of crashing in an unpredictable way later.

Cons - likely increases core size; and the platform most susceptible to
this issue is also the one most sensitive to core size.

3. Variant of 3 - generate a single random number on every build.

Cons - reproducible builds; will block module loading even if they are
binary compatible.


_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
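
Added example, not part of the original message and not GRUB code: a sketch of the load-time check proposed in items 2 and 3 above, showing how an interface checksum and a per-build random number behave when a stale core.img meets newer modules. The `build_tag` layout, function names and prototype strings are hypothetical and constructed for illustration.

```c
/* Added illustration with hypothetical names; not GRUB code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

struct build_tag {            /* embedded in core.img and in every module */
    uint32_t abi_sum;         /* item 2: checksum over the exported interface */
    uint32_t build_nonce;     /* item 3: random number chosen once per build */
};
enum policy { CHECK_ABI_SUM, CHECK_BUILD_NONCE };

/* 32-bit FNV-1a, continued from a running state h. */
static uint32_t fnv1a(uint32_t h, const char *s) {
    for (; *s; s++) { h ^= (unsigned char)*s; h *= 16777619u; }
    return h;
}

/* Checksum over exported prototypes; the list must be in a canonical order. */
uint32_t abi_checksum(const char *const *protos, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) h = fnv1a(fnv1a(h, protos[i]), "\n");
    return h;
}

struct build_tag make_tag(const char *const *protos, size_t n, uint32_t nonce) {
    struct build_tag t = { abi_checksum(protos, n), nonce };
    return t;
}

/* Loader-side gate: 1 = load the module, 0 = refuse with a clear error. */
int module_may_load(const struct build_tag *core, const struct build_tag *mod,
                    enum policy p) {
    return p == CHECK_ABI_SUM ? core->abi_sum == mod->abi_sum
                              : core->build_nonce == mod->build_nonce;
}

/* Constructed prototype lists (not real GRUB symbols). */
static const char *const ABI_OLD[] = { "int disk_read(dev*,u64,void*)", "void *mem_alloc(size_t)" };
static const char *const ABI_NEW[] = { "int disk_read(dev*,u64,u32,void*)", "void *mem_alloc(size_t)" };

int main(void) {
    struct build_tag core = make_tag(ABI_OLD, 2, 0x1111u);    /* stale core.img */
    struct build_tag rebuilt = make_tag(ABI_OLD, 2, 0x2222u); /* same interface */
    struct build_tag updated = make_tag(ABI_NEW, 2, 0x3333u); /* changed interface */
    printf("abi sum:  rebuilt=%d updated=%d\n", module_may_load(&core, &rebuilt, CHECK_ABI_SUM),
           module_may_load(&core, &updated, CHECK_ABI_SUM));
    printf("nonce:    rebuilt=%d updated=%d\n", module_may_load(&core, &rebuilt, CHECK_BUILD_NONCE),
           module_may_load(&core, &updated, CHECK_BUILD_NONCE));
    return 0;
}
```

Both policies refuse the module whose interface changed; only the per-build number also refuses the binary-compatible rebuild, which is the drawback listed for item 3.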