Enable automatic updates of the bootloader for Bootable Container systems
Summary
We will enable automatic updates of the bootloader (GRUB) and shim for Bootable Container systems (bootc base images, Fedora CoreOS).
Owner
- Name/Email: Huijing Hei, hhei@fedoraproject.org
- Name/Email: Timothée Ravier, siosm@fedoraproject.org
- Name/Email: Colin Walters, walters@fedoraproject.org
Current status
- Targeted release: Fedora Linux 43
- Last updated: 2025-09-25
- Announced
- Discussion thread
- FESCo issue: #3450
- Tracker bug: #2375567
- Release notes tracker: #254
Detailed Description
Currently, Bootable Container systems (bootc base images, Fedora CoreOS) do not perform bootloader updates automatically during OS upgrades. This means the GRUB and shim binaries on disk may become outdated even after a user performs an upgrade. Instead, the user is responsible for manually updating the bootloader using bootupctl update or systemctl start bootloader-update.service.
With this change, users do not need to manually update the bootloader - it is handled automatically after upgrades. When a new deployment is created (e.g., via bootc update or rpm-ostree upgrade), and if the new image contains updated bootloader artifacts (shim, grub, etc.), a systemd unit (bootloader-update.service) runs on the next boot to apply the update.
This feature has been enabled by default at boot for both UEFI and BIOS systems on Fedora Atomic Desktops since Fedora 41. For details, see the approved change proposal: FedoraSilverblueBootupd, and the configuration in bootupd.yaml.
While bootupd updates are generally safe across both UEFI and BIOS systems, UEFI is the modern and preferred boot mechanism. On UEFI systems, the EFI System Partition (ESP) is updated safely using a temporary directory and an atomic RENAME_EXCHANGE operation, as implemented in PR #669 and discussed in issue #454.
BIOS (MBR) updates are also supported and have been reliable in practice, but they lack the atomic guarantees and robustness of UEFI. For this reason, UEFI is recommended for systems that rely on automatic bootloader updates.
See more discussions in issue #1468 and bootupd's README for details about the safety of updates.
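The UEFI update described above stages the new files in a temporary directory and then exchanges it with the live one in a single step. The following C program is an added illustration of that pattern, not bootupd's code: the directory names, file names and the functions swap_paths and demo_swap are constructed for the demo. If the kernel or filesystem refuses the exchange, the call fails and the live directory is left as it was.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef RENAME_EXCHANGE
#define RENAME_EXCHANGE (1 << 1) /* flag value from the Linux UAPI headers */
#endif
static const char *FILES[] = {"shimx64.efi", "grubx64.efi"}; /* constructed demo files */

/* Atomically exchange two existing paths; 0 on success, -errno on failure. */
int swap_paths(const char *a, const char *b) {
    long rc = syscall(SYS_renameat2, AT_FDCWD, a, AT_FDCWD, b, RENAME_EXCHANGE);
    return rc == 0 ? 0 : -errno;
}

/* wr=1: mkdir dir and write tag ver to each file; wr=0: verify it. Returns 1 if ok. */
static int tree(const char *dir, const char *ver, int wr) {
    char path[256], buf[16] = "";
    if (wr && mkdir(dir, 0700)) return 0;
    for (int i = 0; i < 2; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, FILES[i]);
        FILE *f = fopen(path, wr ? "w" : "r");
        if (!f) return 0;
        int ok = wr ? (fputs(ver, f) >= 0)
                    : (fgets(buf, sizeof buf, f) && strcmp(buf, ver) == 0);
        if (fclose(f) != 0 || !ok) return 0;
    }
    return 1;
}

/* 1: swapped, live tree is all-new; 0: swap refused, live tree still all-old;
 * -1: anything else. The temp directory is left in place for inspection. */
int demo_swap(void) {
    char root[] = "/tmp/esp-demo-XXXXXX", live[64], staged[64];
    if (!mkdtemp(root)) return -1;
    snprintf(live, sizeof live, "%s/EFI", root);
    snprintf(staged, sizeof staged, "%s/EFI.staged", root);
    if (!tree(live, "old", 1) || !tree(staged, "new", 1)) return -1;
    int rc = swap_paths(staged, live); /* single syscall: no half-updated window */
    if (rc == 0) return (tree(live, "new", 0) && tree(staged, "old", 0)) ? 1 : -1;
    return tree(live, "old", 0) ? 0 : -1;
}

int main(void) { printf("demo_swap() = %d\n", demo_swap()); return 0; }
```

After a successful exchange the previous files remain available under the staging name, so they can be inspected or removed once the new set is confirmed.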
Feedback
None so far.
Benefit to Fedora
Bootloader updates generally bring security and other fixes. Applying them automatically will make sure that all systems are running the latest versions without any special intervention from users/admins.
Scope
- Proposal owners: Enable automatic bootloader updates for Bootable Container systems
- Other developers: N/A
- Release engineering: N/A
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with the Fedora Strategy: N/A
Upgrade/compatibility impact
Existing installations will have their bootloader updated as part of this change. This change should not require any manual action.
Users that do not want to have their bootloaders updated automatically for any reason can mask the systemd unit before the Fedora 43 release to disable this functionality.
Early Testing (Optional)
Do you require 'QA Blueprint' support? N
How To Test
- Download an older Fedora CoreOS version, and start it.
- Enable bootloader-update.service.
- Let the system update to the latest version automatically via Zincati.
- Once rebooted, verify that the bootloader components have been updated automatically using bootupd:
$ sudo systemctl status bootloader-update.service
$ journalctl -u bootloader-update.service
$ sudo bootupctl status
User Experience
Bootloader updates will be automatically applied in the background on boot. There are no user actions required. Users can check the status of their bootloader with the bootupctl status command.
Dependencies
N/A
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) Revert the change
- Contingency deadline: Beta/Final freeze
- Blocks release? No
Documentation
Mostly already written on the bootc and CoreOS side, will need some small updates:
- https://docs.fedoraproject.org/en-US/bootc/bootloader-updates/
- https://docs.fedoraproject.org/en-US/fedora-coreos/bootloader-updates/
Release Notes
To be written
