johnnyjuki
September 1, 2021, 2:29pm
1
I compiled a vanilla kernel, built a rpm package out of it, installed the RPM package, and created a new vmlinuz that is signed (due to SecureBoot) with this script:
#!/usr/bin/env bash
read -p "Kernel version: " ver
echo $ver
sudo sbsign --key MOK.priv --cert MOK.pem /boot/vmlinuz-$ver --output /boot/vmlinuz-$ver.signed
sudo cp /boot/initramfs-${ver}.img /boot/initramfs-${ver}.signed.img
Now I need GRUB to boot /boot/vmlinuz-5.14.0.signed instead of /boot/vmlinuz-5.14.0.
Unfortunately there is no such entry in the GRUB menu.
I tried to update grub with
sudo grub2-mkconfig -o /boot/grub2/grub.cfg
But nothing, there is an entry for the old unsigned kernel, but no entry for the new signed one
dalto
September 1, 2021, 2:50pm
2
Have you tried calling kernel-install add with the appropriate options?
2 Likes
johnnyjuki
September 1, 2021, 4:51pm
3
No I didn’t.
I didn’t know I had to call this, thanks
For now I have just substituted the unsigned kernel with the signed one.
sampsonf
September 2, 2021, 2:04am
4
By default, Fedora is now using grub2 with BLS config: that means there will be no kernel boot entries inside /boot/grub2/grub.conf
In order to change default boot entry, we can use grubby
List all boot entries:sudo grubby --info=ALL
Set new boot default:sudo grubby --set-default-index=<index number> as per output of above
List the default for future boots:sudo grubby --default-index
6 Likes
nippur
September 2, 2021, 1:26pm
5
sampsonf:
By default, Fedora is now using grub2 with BLS config: that means there will be no kernel boot entries inside /boot/grub2/grub.conf
In order to change default boot entry, we can use grubby
or just disable BLS config and do it the old way via /etc/default/grub by adding
GRUB_ENABLE_BLSCFG=false
to the content of /etc/default/grub
1 Like
sampsonf
September 2, 2021, 1:43pm
6
After disabling BLSCFG, when there are kernel updatesl, will Fedora use the “correct” way to update the system?
nippur
September 3, 2021, 1:02pm
7
if you do sudo grub2-mkconfig -o /boot/grub2/grub.cfg after kernel update and before booting, grub should list the new kernel too (unless you boot EFI, then you should do grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg). I do this manually after every kernel update.
2 Likes
johnnyjuki
September 3, 2021, 3:07pm
8
I have read that /boot/efi/EFI/fedora/grub.cfg just links to /boot/grub2/grub.cfg. Isn’t this true?
Actualy my /boot/efi/EFI/fedora/grub.cfg is:
# cat grub.cfg
search --no-floppy --fs-uuid --set=dev [UUID of my disk]
set prefix=($dev)/grub2
export $prefix
configfile $prefix/grub.cfg
Nippur:
if you do sudo grub2-mkconfig -o /boot/grub2/grub.cfg after kernel update and before booting, grub should list the new kernel too (unless you boot EFI, then you should do grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg ). I do this manually after every kernel update.
With Fedora 34 the location of grub.cfg was moved to /boot/grub2/grub.cfg for boot legacy and efi boot. Thus the file in /boot/efi/EFI/fedora/grub.cfg now only redirects the grub boot loader for efi to /boot/grub2/grub.cfg
1 Like
