[CentOS] 8.2.2004 Quick recovery and fix for unbootable machines

Mon Aug 3 03:02:14 UTC 2020
Mark LaPierre <marklapier at gmail.com>

On 8/1/20 10:21 PM, Alan McRae via CentOS wrote:
> This is a quick recovery and fix for the machines rendered unbootable 
> after the grub2/shim yum update.
> 
> It is written for CentOS 8.2.2004 but similar should work for any CentOS 
> 8 or 7 as long as you get the correct shim file,
> that is, the one from the latest installation media.
> 
> I am running on an x86_64 architecture (see uname -i). Please use the 
> correct shim file for your architecture (shim-<arch>-15-11.el8.<arch>.rpm)
> 
> I have tested this by breaking a machine and then recovering it. It 
> works for me.
> 
> I hope someone finds it useful. Let me know.
> 
> Regards
> Alan
> 
> HOW TO BOOT AN UNBOOTABLE MACHINE
> =================================
> 
> 1) Download a copy of rEFind. This is a UEFI boot manager. Burn it to a 
> USB key.
> 
> # wget -O refind.zip 
> http://sourceforge.net/projects/refind/files/0.12.0/refind-flashdrive-0.12.0.zip/download 
> 
> # unzip refind.zip
> # cd refind-flashdrive-0.12.0
> # dd if=refind-flashdrive-0.12.0.img bs=4096 of=/dev/sdX (sdX is the 
> device for your USB key, this will be erased, use the whole device use 
> sdX not sdX1)
> 1800+0 records in
> 1800+0 records out
> 7372800 bytes (7.4 MB, 7.0 MiB) copied, 0.980893 s, 7.5 MB/s
> 
> 2) Turn off secureboot in your UEFI hardware.
> 
> 3) Boot the USB key. You should get a colourful screen with icons and a 
> filename below.
> 
> Use the left/right arrow keys to select the correct grubx64.efi.
> Hit space to boot.
> 
> Your usual grub menu should appear and the system should boot normally.
> 
> HOW TO FIX THE PROBLEM
> =====================
> 
> 1) We need to downgrade the shim package. Now your system is running get 
> an older copy of the correct shim package for your architecture
> from the CentOS installation media (e.g. 
> CentOS-8.2.2004-x86_64-dvd1.iso) and install it.
> 
> # mount CentOS-8.2.2004-x86_64-dvd1.iso /mnt
> # cd /mnt/BaseOS/Packages
> # cp shim-x64-15-11.el8.x86_64.rpm /root
> # cd /root
> # umount /mnt
> 
> OR
> 
> Get the package from a CentOS mirror:
> 
> # cd /root
> # wget 
> http://ucmirror.canterbury.ac.nz/linux/CentOS/8.2.2004/BaseOS/x86_64/os/Packages/shim-x64-15-11.el8.x86_64.rpm 
> 
> 
> 2) We can now reinstall the older shim package using yum. This will 
> downgrade the package to the working version.
> 
> # yum install shim-x64-15-11.el8.x86_64.rpm
> 
> Last metadata expiration check: 2:11:11 ago on Sun 02 Aug 2020 11:31:06 
> NZST.
> Dependencies resolved.
> 
> ==================================================================================================================================================================================== 
> 
>   Package Architecture Version 
> Repository                                     Size
> ==================================================================================================================================================================================== 
> 
> Downgrading:
>   shim-x64 x86_64 15-11.el8 
> @commandline                                  647 k
> 
> Transaction Summary
> ==================================================================================================================================================================================== 
> 
> Downgrade  1 Package
> 
> Total size: 647 k
> Is this ok [y/N]: y
> Downloading Packages:
> Running transaction check
> Transaction check succeeded.
> Running transaction test
> Transaction test succeeded.
> Running transaction
>    Preparing : 1/1
>    Downgrading      : shim-x64-15-11.el8.x86_64 1/2
>    Cleanup          : shim-x64-15-13.el8.x86_64 2/2
>    Verifying        : shim-x64-15-11.el8.x86_64 1/2
>    Verifying        : shim-x64-15-13.el8.x86_64 2/2
> Installed products updated.
> 
> Downgraded:
> shim-x64-15-11.el8.x86_64
> 
> Complete!
> 
> 3) Your system should now boot normally.
> 
> 4) add "exclude=shim*" to /etc/yum.conf to prevent the broken one being 
> reinstalled.  You should now be able to run 'yum update'. Remove the 
> exclude= when a proper fix becomes available.
> 

Thank you for your apparently well researched and written article.  The 
only problem I see with it is that it's going to be really hard for a 
CentOS user with a tanked system to read unless that user has access to 
some other system where this can be read.

-- 
     _
    °v°
   /(_)\
    ^ ^  Mark LaPierre
Registered Linux user No #267004
https://linuxcounter.net/
****