[CentOS] 8.2.2004 Quick recovery and fix for unbootable machines

Question:  I have a CentOS 7 VPS.  I have not yet had this problem -- I have 
not yet done an update since this problem showed up.  Will this problem affect 
my server?  *I* don't have access to the bare metal -- it is a cloud VPS I am 
renting.

At Sun, 2 Aug 2020 14:21:58 +1200 Alan McRae <amcrae at island42.net>,  CentOS mailing list <centos at centos.org> wrote:

> 
> This is a quick recovery and fix for the machines rendered unbootable 
> after the grub2/shim yum update.
> 
> It is written for CentOS 8.2.2004 but similar should work for any CentOS 
> 8 or 7 as long as you get the correct shim file,
> that is, the one from the latest installation media.
> 
> I am running on an x86_64 architecture (see uname -i). Please use the 
> correct shim file for your architecture (shim-<arch>-15-11.el8.<arch>.rpm)
> 
> I have tested this by breaking a machine and then recovering it. It 
> works for me.
> 
> I hope someone finds it useful. Let me know.
> 
> Regards
> Alan
> 
> HOW TO BOOT AN UNBOOTABLE MACHINE
> =================================
> 
> 1) Download a copy of rEFind. This is a UEFI boot manager. Burn it to a 
> USB key.
> 
> # wget -O refind.zip 
> http://sourceforge.net/projects/refind/files/0.12.0/refind-flashdrive-0.12.0.zip/download
> # unzip refind.zip
> # cd refind-flashdrive-0.12.0
> # dd if=refind-flashdrive-0.12.0.img bs=4096 of=/dev/sdX (sdX is the 
> device for your USB key, this will be erased, use the whole device use 
> sdX not sdX1)
> 1800+0 records in
> 1800+0 records out
> 7372800 bytes (7.4 MB, 7.0 MiB) copied, 0.980893 s, 7.5 MB/s
> 
> 2) Turn off secureboot in your UEFI hardware.
> 
> 3) Boot the USB key. You should get a colourful screen with icons and a 
> filename below.
> 
> Use the left/right arrow keys to select the correct grubx64.efi.
> Hit space to boot.
> 
> Your usual grub menu should appear and the system should boot normally.
> 
> HOW TO FIX THE PROBLEM
> =====================
> 
> 1) We need to downgrade the shim package. Now your system is running get 
> an older copy of the correct shim package for your architecture
> from the CentOS installation media (e.g. 
> CentOS-8.2.2004-x86_64-dvd1.iso) and install it.
> 
> # mount CentOS-8.2.2004-x86_64-dvd1.iso /mnt
> # cd /mnt/BaseOS/Packages
> # cp shim-x64-15-11.el8.x86_64.rpm /root
> # cd /root
> # umount /mnt
> 
> OR
> 
> Get the package from a CentOS mirror:
> 
> # cd /root
> # wget 
> http://ucmirror.canterbury.ac.nz/linux/CentOS/8.2.2004/BaseOS/x86_64/os/Packages/shim-x64-15-11.el8.x86_64.rpm
> 
> 2) We can now reinstall the older shim package using yum. This will 
> downgrade the package to the working version.
> 
> # yum install shim-x64-15-11.el8.x86_64.rpm
> 
> Last metadata expiration check: 2:11:11 ago on Sun 02 Aug 2020 11:31:06 
> NZST.
> Dependencies resolved.
> 
> ====================================================================================================================================================================================
>  Ã‚Â Package Architecture Version 
> RepositoryÃ‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â  Size
> ====================================================================================================================================================================================
> Downgrading:
>  Ã‚Â shim-x64 x86_64 15-11.el8 
> @commandlineÃ‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â  647 k
> 
> Transaction Summary
> ====================================================================================================================================================================================
> DowngradeÃ‚Â  1 Package
> 
> Total size: 647 k
> Is this ok [y/N]: y
> Downloading Packages:
> Running transaction check
> Transaction check succeeded.
> Running transaction test
> Transaction test succeeded.
> Running transaction
>  Ã‚Â  Preparing : 1/1
>  Ã‚Â  DowngradingÃ‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â  : shim-x64-15-11.el8.x86_64 1/2
>  Ã‚Â  CleanupÃ‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â  : shim-x64-15-13.el8.x86_64 2/2
>  Ã‚Â  VerifyingÃ‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â  : shim-x64-15-11.el8.x86_64 1/2
>  Ã‚Â  VerifyingÃ‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â Ã‚Â  : shim-x64-15-13.el8.x86_64 2/2
> Installed products updated.
> 
> Downgraded:
> shim-x64-15-11.el8.x86_64
> 
> Complete!
> 
> 3) Your system should now boot normally.
> 
> 4) add "exclude=shim*" to /etc/yum.conf to prevent the broken one being 
> reinstalled.Ã‚Â  You should now be able to run 'yum update'. Remove the 
> exclude= when a proper fix becomes available.
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 
> 

-- 
Robert Heller             -- Cell: 413-658-7953 GV: 978-633-5364
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services