Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update grub to 2.06 and implement hybrid boot support for x86_64 #1701

Merged
merged 7 commits into from
Aug 18, 2021
Merged

update grub to 2.06 and implement hybrid boot support for x86_64 #1701

merged 7 commits into from
Aug 18, 2021

Conversation

bcressey
Copy link
Contributor

@bcressey bcressey commented Aug 7, 2021

Issue number:
Fixes #1697

Description of changes:
Update grub to 2.06, from Amazon Linux by way of Fedora. Build both EFI and BIOS images for GRUB.

Adjust default grub configurations to take advantage of the improved console support on EFI and BIOS, and to disable module loading for security reasons.

Implement hybrid support for x86_64 images, so they work with either BIOS or EFI firmware.

Testing done:
Verified that the GPT priority functionality works correctly by following these steps for x86_64 (BIOS, EFI) and aarch64 (EFI):

  • launch a test 1.2.0 image
  • update to a test 1.3.0 image
  • verify that 1.3.0 comes up, reboot, and confirm it's still 1.3.0
  • downgrade to a test 1.2.0 image
  • verify that 1.2.0 comes up, reboot, and confirm it's still 1.2.0
  • update to a defective 1.4.0 image
  • verify that the boot fails, reboot, and confirm that it's 1.2.0

Verified that the grub console output was visible on these platforms:

  • EC2 virtualized, for x86_64 (BIOS, EFI) and aarch64 (EFI)
  • EC2 metal, for x86_64 (BIOS) and aarch64 (EFI)
  • VMware guest, for x86_64 (BIOS)

Output was not visible for the VMware guest under EFI, although the guest booted OK. I don't consider this a blocker since we default to BIOS on that platform.

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

@bcressey
kernel: enable EFI for x86_64
a5f2a7b 
Signed-off-by: Ben Cressey <[email protected]>
@bcressey
grub: build EFI and BIOS images for x86_64
efb5d65 
Previously we built x86_64 images for BIOS only; now we want to build
them for EFI as well.

This cleans up the GRUB related macros, which assumed a single target
per architecture, and special cases the BIOS build for x86_64.

Signed-off-by: Ben Cressey <[email protected]>
@bcressey
Copy link
Contributor Author

bcressey commented Aug 7, 2021

Canceled the workflow since I still need to upload the grub source rpm to the lookaside cache.

tjkirch
tjkirch approved these changes Aug 17, 2021
View reviewed changes
Copy link
Contributor

@tjkirch tjkirch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work.

packages/grub/grub.spec Outdated Show resolved Hide resolved
tools/rpm2img Outdated Show resolved Hide resolved
arnaldo2792
arnaldo2792 approved these changes Aug 17, 2021
View reviewed changes
Copy link
Contributor

@arnaldo2792 arnaldo2792 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛥️

@bcressey
grub: update to 2.06
2937c03 
This moves to Amazon Linux as our upstream, by way of Fedora.

Fedora's patches include an implementation of Secure Boot support, as
well as many other fixes that are not yet upstream.

Amazon Linux's patches include fixes for console handling in EC2, and
on metal instances in particular. They also add an option to disable
module loading, which eliminates a potential vector for altering the
boot process.

Signed-off-by: Ben Cressey <[email protected]>
@bcressey
grub: set terminal output for EFI and BIOS
474216e 
Split the configs so we can change the default terminal output based
on whether we're booting from the BIOS or EFI image.

Signed-off-by: Ben Cressey <[email protected]>
@bcressey
grub: disable module loading
5cad921 
The modules we need are all built into the firmware image.

Signed-off-by: Ben Cressey <[email protected]>
@bcressey
grub: add zstd module
20242ae 
This allows us to boot compressed kernels for platforms like aarch64
where the kernel does not support decompressing itself.

Signed-off-by: Ben Cressey <[email protected]>
@bcressey
create hybrid images for x86_64
7bd3f70 
Instead of a single "firmware" partition for either BIOS or EFI, we
now create the BIOS partition for all architectures, and ignore it
except for the x86_64 use case.

Two EFI partitions are allocated out of previously reserved space.
Only the first one is used today; using the second one would require
a scheme to swap the partition types on upgrade, since EFI firmware
will not understand the significance of the GPT priority bits.

The result is a hybrid x86_64 image capable of booting under legacy
BIOS or EFI. With BIOS, the MBR will point to the next GRUB stage in
the BIOS boot partition. With EFI, the firmware will look for the EFI
system partition. In either case, the GRUB image will find the right
boot partition by checking GPT priorities, and load the configuration
file from there.

Signed-off-by: Ben Cressey <[email protected]>
@bcressey bcressey merged commit 9d03347 into bottlerocket-os:develop Aug 18, 2021
@bcressey bcressey deleted the grub-efi-hybrid branch August 18, 2021 05:05
@bcressey bcressey mentioned this pull request Nov 9, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arnaldo2792 arnaldo2792 arnaldo2792 approved these changes

@tjkirch tjkirch tjkirch approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

update grub to 2.06
3 participants
@bcressey @tjkirch @arnaldo2792