[CentOS] Centos 7 shim fix failed

Wed Aug 5 11:44:31 UTC 2020
Leon Fauster <leonfauster at googlemail.com>

Am 05.08.20 um 02:13 schrieb david:
> At 05:01 PM 8/4/2020, you wrote:
>> Am 05.08.20 um 01:27 schrieb david:
>>> At 04:18 PM 8/4/2020, you wrote:
>>>> Am 05.08.20 um 01:09 schrieb david:
>>>>> At 01:54 PM 8/4/2020, you wrote:
>>>>>> On Tue, 04 Aug 2020 13:44:05 -0700
>>>>>> david wrote:
>>>>>>
>>>>>> > After all the updates, the system was NOT bootable.
>>>>>>
>>>>>> How long did you wait for it to boot, and what did it do when it 
>>>>>> failed to boot?  What text messages showed up on the 
>>>>>> console?  Any reported errors when you ran the update or when 
>>>>>> you rebooted the computer?  If so, what did the say?
>>>>>>
>>>>>> I personally haven't had any issues updating any of my computers 
>>>>>> (using a mix of Centos 6, 7 and 8) but maybe they're all too old 
>>>>>> to for the issue to show up.
>>>>>>
>>>>>> -- 
>>>>> How long did I wait:  5 minutes
>>>>> What on the console:  nothing, just a dull gray color
>>>>> Errors on update:  none
>>>>> ---------------------
>>>>> But when I blocked the update, it booted within a minute, and ran.
>>>>
>>>> Can you boot the system with all updates and secureboot=off?
>>>> (Just to be sure; I imply that you use UEFI, right?)
>>>>
>>>> -- 
>>>> Leon
>>>> ____________
>>>
>>> I'm not sure how to turn 'secure boot' off or if it exists.
>>> (MacMini5.2).  I presume it uses UEFI, but not sure how to answer that.
>>
>> Oh, an apple device. AFAIK the openfirmware of such hardware have also 
>> a legacy mode. So first check if it uses the UEFI mode at all by checking
>> if this directory exists (in the working/bootable system):
>>
>> # ls -la /sys/firmware/efi
>>
>> if so test the secure boot state with
>>
>> # mokutil --sb-state
>>
>>
>>> Boot failure only occurs when the grub2/shim/mokutil updates are 
>>> applied.
> 
> 
> 
> [root at xxx -]ls -la /sys/firmware/efi
> total 0
> drwxr-xr-x  5 root root    0 Aug  4 17:12 .
> drwxr-xr-x  7 root root    0 Aug  4 14:30 ..
> -r--r--r--  1 root root 4096 Aug  4 17:12 config_table
> drwxr-xr-x  2 root root    0 Aug  4 14:30 efivars
> -r--r--r--  1 root root 4096 Aug  4 17:12 fw_platform_size
> -r--r--r--  1 root root 4096 Aug  4 17:12 fw_vendor
> -r--r--r--  1 root root 4096 Aug  4 17:12 runtime
> drwxr-xr-x 10 root root    0 Aug  4 17:12 runtime-map
> -r--------  1 root root 4096 Aug  4 14:31 systab
> drwxr-xr-x 23 root root    0 Aug  4 17:12 vars
> [root at xxx ~]# mokutil --sb-state
> This system doesn't support Secure Boot
> [root at xxx ~]#
> 


The boot hole security issue is related to secure boot. In your case I 
would assume a different problem (after seeing the above information).
As others mentioned already apply some patience while updating. You said 
that you could change to a different terminal. Take a look into "top", 
if something like gz or xz is in place occupying your CPU then the 
initrd gets build ... just wait :-)

--
Leon