On 8/1/20 10:21 PM, Alan McRae via CentOS wrote: > This is a quick recovery and fix for the machines rendered unbootable > after the grub2/shim yum update. > > It is written for CentOS 8.2.2004 but similar should work for any CentOS > 8 or 7 as long as you get the correct shim file, > that is, the one from the latest installation media. > > I am running on an x86_64 architecture (see uname -i). Please use the > correct shim file for your architecture (shim-<arch>-15-11.el8.<arch>.rpm) > > I have tested this by breaking a machine and then recovering it. It > works for me. > > I hope someone finds it useful. Let me know. > > Regards > Alan > > HOW TO BOOT AN UNBOOTABLE MACHINE > ================================= > > 1) Download a copy of rEFind. This is a UEFI boot manager. Burn it to a > USB key. > > # wget -O refind.zip > http://sourceforge.net/projects/refind/files/0.12.0/refind-flashdrive-0.12.0.zip/download > > # unzip refind.zip > # cd refind-flashdrive-0.12.0 > # dd if=refind-flashdrive-0.12.0.img bs=4096 of=/dev/sdX (sdX is the > device for your USB key, this will be erased, use the whole device use > sdX not sdX1) > 1800+0 records in > 1800+0 records out > 7372800 bytes (7.4 MB, 7.0 MiB) copied, 0.980893 s, 7.5 MB/s > > 2) Turn off secureboot in your UEFI hardware. > > 3) Boot the USB key. You should get a colourful screen with icons and a > filename below. > > Use the left/right arrow keys to select the correct grubx64.efi. > Hit space to boot. > > Your usual grub menu should appear and the system should boot normally. > > HOW TO FIX THE PROBLEM > ===================== > > 1) We need to downgrade the shim package. Now your system is running get > an older copy of the correct shim package for your architecture > from the CentOS installation media (e.g. > CentOS-8.2.2004-x86_64-dvd1.iso) and install it. > > # mount CentOS-8.2.2004-x86_64-dvd1.iso /mnt > # cd /mnt/BaseOS/Packages > # cp shim-x64-15-11.el8.x86_64.rpm /root > # cd /root > # umount /mnt > > OR > > Get the package from a CentOS mirror: > > # cd /root > # wget > http://ucmirror.canterbury.ac.nz/linux/CentOS/8.2.2004/BaseOS/x86_64/os/Packages/shim-x64-15-11.el8.x86_64.rpm > > > 2) We can now reinstall the older shim package using yum. This will > downgrade the package to the working version. > > # yum install shim-x64-15-11.el8.x86_64.rpm > > Last metadata expiration check: 2:11:11 ago on Sun 02 Aug 2020 11:31:06 > NZST. > Dependencies resolved. > > ==================================================================================================================================================================================== > > Package Architecture Version > Repository Size > ==================================================================================================================================================================================== > > Downgrading: > shim-x64 x86_64 15-11.el8 > @commandline 647 k > > Transaction Summary > ==================================================================================================================================================================================== > > Downgrade 1 Package > > Total size: 647 k > Is this ok [y/N]: y > Downloading Packages: > Running transaction check > Transaction check succeeded. > Running transaction test > Transaction test succeeded. > Running transaction > Preparing : 1/1 > Downgrading : shim-x64-15-11.el8.x86_64 1/2 > Cleanup : shim-x64-15-13.el8.x86_64 2/2 > Verifying : shim-x64-15-11.el8.x86_64 1/2 > Verifying : shim-x64-15-13.el8.x86_64 2/2 > Installed products updated. > > Downgraded: > shim-x64-15-11.el8.x86_64 > > Complete! > > 3) Your system should now boot normally. > > 4) add "exclude=shim*" to /etc/yum.conf to prevent the broken one being > reinstalled. You should now be able to run 'yum update'. Remove the > exclude= when a proper fix becomes available. > Thank you for your apparently well researched and written article. The only problem I see with it is that it's going to be really hard for a CentOS user with a tanked system to read unless that user has access to some other system where this can be read. -- _ °v° /(_)\ ^ ^ Mark LaPierre Registered Linux user No #267004 https://linuxcounter.net/ ****