Enable automatic bootloader updates #1468
Comments
We should also consider whether to automatically update the BIOS bootloader. It's probably infeasible to do that safely, though.
We've made a lot of progress on this front so we should reconsider that.
Added the
From the 0.2.19 to the 0.2.24 release, we have fixed the following issues:
We have the following issue still blocking us on Fedora CoreOS:
Once we have the SELinux issues fixed, we should be able to enable automatic updates on boot for non-RAID setups. This has been enabled by default on boot for the Atomic Desktops for Fedora 41 for UEFI, and planned to be enabled for BIOS as well soon.
During our meeting today (10/30), we agreed to proceed with F42 and to assign someone with availability to implement it. You can find more details in the meeting logs.
Sorry for the noise, removing the meeting label as this was already discussed in the community meeting last week.
Add a systemd service unit to trigger an adoption and update on every boot.

Note that the service is intentionally not enabled by default as it should be up to the distribution to add a systemd preset if auto-update for the bootloader is desired.

This unit does not come with any specific restrictions (i.e. EFI or BIOS only). For an assessment of the safety of updates as performed by bootupd, see coreos#454.

Distributions should also apply the restrictions (i.e. EFI or BIOS only for example) as needed as unit file overrides.

Notably, Fedora CoreOS can not yet enable automatic updates until we get support for the multiple EFI partitions for RAID setups.

See: coreos/fedora-coreos-tracker#1468
See: coreos/fedora-coreos-config#3042
Initial version from: coreos#716
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2332868
Currently, Fedora CoreOS (and in fact, all other rpm-ostree-based Fedora variants) does not update the EFI bootloader together with host updates. The reason for this is explained in greater detail in the bootupd README (see especially the Q&A). Recently, we've hit more and more issues related to stale bootloaders, to the point where it's becoming more urgent that we fix this gap.
The main blocker to having automatic bootloader updates is to make them safer in bootupd (related issues: coreos/bootupd#440, coreos/bootupd#454). Once it's deemed safe enough to turn on by default, we then need to integrate it into FCOS. Fedora IoT and Fedora Silverblue likely will also want this.
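As an added example (not code from bootupd or Fedora CoreOS), here is a pre-flight check a distribution or fleet operator could run before enabling bootloader auto-updates, reflecting the thread's restriction to non-RAID setups where only one EFI system partition exists. The function names and the sample partition tables are constructed for illustration, and gathering the input with `lsblk -rno NAME,PARTTYPE` is an assumption about how the check would be fed.

```shell
#!/bin/sh
# Added example: decide whether a host's disk layout matches the
# "non-RAID, single EFI system partition" case discussed in the thread.

# GPT partition type GUID of an EFI system partition (ESP).
ESP_GUID="c12a7328-f81f-11d2-ba4b-00a0c93ec93b"

# count_esps: read "NAME PARTTYPE" lines on stdin (the output format of
# `lsblk -rno NAME,PARTTYPE`) and print how many partitions are ESPs.
count_esps() {
    awk -v guid="$ESP_GUID" 'tolower($2) == guid { n++ } END { print n + 0 }'
}

# firmware_type [SYSFS_ROOT]: print "uefi" if the kernel exposes EFI
# runtime data under SYSFS_ROOT (default /sys), otherwise "bios".
firmware_type() {
    if [ -d "${1:-/sys}/firmware/efi" ]; then echo uefi; else echo bios; fi
}

# autoupdate_verdict FIRMWARE ESP_COUNT: print a verdict and return 0 only
# when the layout is the single-ESP case; more than one ESP is held back.
autoupdate_verdict() {
    fw=$1; esps=$2
    if [ "$esps" -gt 1 ]; then
        echo "hold: $esps EFI system partitions (RAID-style layout)"
        return 1
    fi
    if [ "$fw" = uefi ] && [ "$esps" -eq 0 ]; then
        echo "hold: UEFI boot but no EFI system partition found"
        return 1
    fi
    echo "ok: $fw firmware, $esps EFI system partition(s)"
}

# Constructed sample inputs (not taken from a real host).
SAMPLE_SINGLE='sda
sda1 21686148-6449-6e6f-744e-656564454649
sda2 c12a7328-f81f-11d2-ba4b-00a0c93ec93b
sda3 0fc63daf-8483-4772-8e79-3d69d8477de4'
SAMPLE_RAID='sda
sda1 C12A7328-F81F-11D2-BA4B-00A0C93EC93B
sda2 a19d880f-05fc-4d3b-a006-743f0f84911e
sdb
sdb1 C12A7328-F81F-11D2-BA4B-00A0C93EC93B
sdb2 a19d880f-05fc-4d3b-a006-743f0f84911e'

for layout in "$SAMPLE_SINGLE" "$SAMPLE_RAID"; do
    n=$(printf '%s\n' "$layout" | count_esps)
    autoupdate_verdict uefi "$n" || true
done
```

On a live host the same functions would be driven with `lsblk -rno NAME,PARTTYPE | count_esps` and `firmware_type`.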