[CentOS] Fixing grub/shim issue Centos 7

Fri Aug 7 10:30:39 UTC 2020
Phil Perry <pperry at elrepo.org>

On 07/08/2020 10:01, Johnny Hughes wrote:
> On 8/7/20 3:46 AM, Nicolas Kovacs wrote:
>> On 07/08/2020 at 09:40, Alessandro Baggi wrote:
>>> Probably many users have not updated their machines between the bug release and
>>> the resolution (thanks to your fast apply in the weekend, thank you) and many
>>> update their CentOS machines on a 2-month basis (if not worse). I think also
>>> that many users of CentOS user base have not proclaimed their
>>> disappointment/the issue on this list or in other channels. For example I
>>> simply updated in the wrong time.
>>
>> I'm using yum-cron to keep all my servers updated on a daily basis.
>>
>> And my question "How could this have passed Q & A" was obviously directed at
>> Red Hat... and *not* at Johnny Hughes and the CentOS team who do their best to
>> deliver the best possible downstream system. I raise my morning coffee mug to
>> your health, guys.
>>
>> Cheers,
>>
>> Niki
>>
> I can assure you .. a BUNCH of testing was done.  Because of the scope
> of this update, the CentOS team was looped in during the embargo stage
> (we normally are not .. Red Hat Engineering got permission to make this
> happen for this issue). Normally we see things that are open source only
> .. not embargoed content.  Once the embargo gets lifted, the items
> become open source.  Kudos to the RH team for making this happen.
> 
> The CentOS team worked with the RHEL team on this update for several
> days (more than a week, for sure, maybe 2 weeks)
> 
> I gained MUCH respect for all those guys .. especially Peter Jones.  He
> is Mr. Secure Boot.
> 
> I personally tested both the c8 and c7 solutions on several machines
> (All I have access to actually, including several personal machines that
> have secureboot).  I saw some of the testing that happened on the RHEL
> side.  It was extensive.
> 

I'll just add to Johnny's already comprehensive reply. As a member of 
the CentOS QA team, I personally tested the update on 3 physical 
machines and all worked fine. Moreover, the QA team was not able to 
replicate the issue on a single physical machine available to them - the 
first indication of a problem came from public reports. We give up a 
huge amount of our personal time and resources to ensure CentOS (and 
RHEL) are the very best products they can be. I'm unsure what more could 
have been done.

> Microsoft, Debian, Ubuntu and others also had issues with this .. so if
> you are losing trust, you are losing it with all OS vendors WRT this issue.
> 
> All I can say is .. this issue was the hardest thing I have been
> involved with since starting with the CentOS Project 17 years ago.
> 
> Obviously, everyone involved in this build would have prevented this
> from happening if they could have.  Secureboot is complicated.
> 
>