[Bug 1642298] Re: Grub package upgrades overwrites NVRAM, causing MAAS boot order to be overwritten.

dann frazier dann.frazier at canonical.com
Wed Jan 16 16:36:33 UTC 2019 

trusty verification follows. Note: we still haven't gotten to the bottom
of the possible regression in Comment #62, which was correlated with
this same change in xenial. The system where that was seen has been down
for some time, and it is unknown if it is recoverable. I've been unable
to root cause LP: #1750732 from what is available in the report, which
has been set to Incomplete since 2018-10-03. Further, I'm unaware of any
other such reports, even though the xenial update has been out for over
a year.

ubuntu at seuss-FLAKYMEMORY:~$ sudo efibootmgr | grep ubuntu
Boot0000* ubuntu
ubuntu at seuss-FLAKYMEMORY:~$ sudo debconf-show grub-efi-arm64 | grep update_nvram* grub2/update_nvram: false
ubuntu at seuss-FLAKYMEMORY:~$ sudo efibootmgr -B -b 0000 > /dev/null
ubuntu at seuss-FLAKYMEMORY:~$ sudo efibootmgr | grep ubuntu
ubuntu at seuss-FLAKYMEMORY:~$ sudo dpkg-reconfigure -pcritical grub-efi-arm64
Installing for arm64-efi platform.
Installation finished. No error reported.
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.4.0-141-generic
Found initrd image: /boot/initrd.img-4.4.0-141-generic
Found linux image: /boot/vmlinuz-3.13.0-164-generic
Found initrd image: /boot/initrd.img-3.13.0-164-generic
Found linux image: /boot/vmlinuz-3.13.0-163-generic
Found initrd image: /boot/initrd.img-3.13.0-163-generic
Adding boot menu entry for EFI firmware configuration
done
ubuntu at seuss-FLAKYMEMORY:~$ sudo efibootmgr | grep ubuntu
ubuntu at seuss-FLAKYMEMORY:~$ 


** Tags removed: verification-needed verification-needed-trusty
** Tags added: verification-done verification-done-trusty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1642298

Title:
  Grub package upgrades overwrites NVRAM, causing MAAS boot order to be
  overwritten.

Status in curtin:
  Confirmed
Status in MAAS:
  Fix Released
Status in MAAS 2.2 series:
  Won't Fix
Status in grub2 package in Ubuntu:
  Fix Released
Status in grub2-signed package in Ubuntu:
  Fix Released
Status in grub2 source package in Trusty:
  Fix Committed
Status in grub2-signed source package in Trusty:
  Fix Committed
Status in grub2 source package in Xenial:
  Fix Released
Status in grub2-signed source package in Xenial:
  Fix Released
Status in grub2 source package in Yakkety:
  Won't Fix
Status in grub2-signed source package in Yakkety:
  Won't Fix

Bug description:
  [Impact]
  Typically when you install Ubuntu on an EFI system, it installs a new default EFI boot entry that makes the system reboot directly into the OS. During MAAS installs, curtin is careful to disable that behavior. MAAS requires the default boot entry to remain PXE, so that it can direct the system to boot from disk or network as necessary. curtin does this by passing --no-nvram to grub-install when installing the bootloader.

  *Update*: newer curtin releases actually allow the creation of a new
  boot entry, but updates the boot menu to make PXE the default. That
  change is orthogonal to this bug.

  ***However***, this doesn't stop a new default boot entry from being
  added after deploy. If the user installs a grub package update or
  manually runs 'grub-install', booting from disk will become the
  default, and MAAS will lose control of the system.

  [Proposed Solution (er... glorified workaround)]
  The GRUB package in zesty now has support for setting the --no-nvram flag *persistently*. This is implemented via a debconf template (grub2/update_nvram). If curtin sets this flag to "false" during install, post-deploy grub updates will also pass the --no-nvram flag when running grub-install.

  This isn't a perfect solution - users can still call grub-install
  manually and omit this flag.

  [Test Case]
   - MAAS deploy an EFI system.
   - After deploy, login and run 'sudo apt --reinstall install grub-efi-$(dpkg --print-architecture)
   - Reboot and observe that the system does not PXE boot.

  [Regression Risk]
   - The GRUB implementation does not change the defaults of the package. The user would need to opt-in to the "grub2/update_nvram=false". This option is also only presented to users who specifically request a low debconf priority (e.g. expert mode installs).
   - XXX curtin risk XXX

To manage notifications about this bug go to:
https://bugs.launchpad.net/curtin/+bug/1642298/+subscriptions

More information about the foundations-bugs mailing list