Wiki - https://fedoraproject.org/wiki/Changes/AutomaticBootloaderUpdatesBootc Discussion thread - https://discussion.fedoraproject.org/t/f43-change-proposal-enable-automatic-updates-of-the-bootloader-for-bootable-container-systems-self-contained/158039
This is a proposed Change for Fedora Linux. This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee. == Summary == We will enable automatic updates of the bootloader (GRUB) and shim for Bootable Container systems (bootc base images, Fedora CoreOS). == Owner == * Name/Email: [[User:hhei| Huijing Hei]], h...@fedoraproject.org * Name/Email: [[User:Siosm| Timothée Ravier]], si...@fedoraproject.org * Name/Email: [[User:Walters| Colin Walters]], walt...@fedoraproject.org == Detailed Description == Currently, Bootable Container systems (bootc base images, Fedora CoreOS) do not perform bootloader updates automatically during OS upgrades. This means the GRUB and shim binaries on disk may become outdated even after a user performs an upgrade. Instead, the user is responsible for manually updating the bootloader using `bootupctl update` or `systemctl start bootloader-update.service`. With this change, users do not need to manually update the bootloader - it is handled automatically after upgrades. When a new deployment is created (e.g., via `bootc update` or `rpm-ostree upgrade`), and if the new image contains updated bootloader artifacts (shim, grub, etc.), a systemd unit (`bootloader-update.service`) runs on the next boot to apply the update. This feature has been enabled by default at boot for both UEFI and BIOS systems on Fedora Atomic Desktops starting since Fedora 41. For details, see the approved change proposal: [https://fedoraproject.org/wiki/Changes/FedoraSilverblueBootupd FedoraSilverblueBootupd], and the configuration in [https://pagure.io/workstation-ostree-config/blob/f41/f/bootupd.yaml bootupd.yaml]. While bootupd updates are generally safe across both UEFI and BIOS systems, UEFI is the modern and preferred boot mechanism. On UEFI systems, the `EFI System Partition (ESP)` is updated safely using a temporary directory and an atomic `RENAME_EXCHANGE` operation, as implemented in PR [https://github.com/coreos/bootupd/pull/669 #669] and discussed in issue [https://github.com/coreos/bootupd/issues/454 #454]. BIOS (MBR) updates are also supported and have been reliable in practice, but they lack the atomic guarantees and robustness of UEFI. For this reason, UEFI is recommended for systems that rely on automatic bootloader updates. See more discussions in issue [https://github.com/coreos/fedora-coreos-tracker/issues/1468 #1468] and [https://github.com/coreos/bootupd#status bootupd's README] for details about the safety of updates. == Feedback == None so far. == Benefit to Fedora == Bootloader updates generally bring security and other fixes. Applying them automatically will make sure that all systems are running the latest versions without any special intervention from users/admins. == Scope == * Proposal owners: Enable automatic bootloader updates for Bootable Container systems * Other developers: N/A * Release engineering: N/A * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with the Fedora Strategy: N/A == Upgrade/compatibility impact == Existing installations will have their bootloader updated as part of this change. This change should not require any manual action. Users that do not want to have their bootloaders updated automatically for any reason can mask the systemd unit before the Fedora 43 release to disable this functionality. == Early Testing (Optional) == Do you require 'QA Blueprint' support? N == How To Test == * Download an older Fedora CoreOS version, and start it. * Enable `bootloader-update.service`. * Let the system update to the lastest version automatically via Zincati. * Once rebooted, verify that the bootloader components have been updated automatically using bootupd: <pre> $ sudo systemctl status bootloader-update.service $ journalctl -u bootloader-update.service $ sudo bootupctl status </pre> == User Experience == Bootloader updates will be automatically applied in the background on boot. There are no user actions required. User can check the status of their bootloader with the `bootupctl status` command. == Dependencies == N/A == Contingency Plan == * Contingency mechanism: (What to do? Who will do it?) Revert the change * Contingency deadline: Beta/Final freeze * Blocks release? No == Documentation == Mostly already written on the bootc and CoreOS side, will need some small updates: * https://docs.fedoraproject.org/en-US/bootc/bootloader-updates/ * https://docs.fedoraproject.org/en-US/fedora-coreos/bootloader-updates/ == Release Notes == To be written -- Aoife Moloney Fedora Operations Architect Fedora Project Matrix: @amoloney:fedora.im IRC: amoloney -- _______________________________________________ devel-announce mailing list -- devel-annou...@lists.fedoraproject.org To unsubscribe send an email to devel-announce-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel-annou...@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
