[CentOS] After update to 8 (2004) ... system is unbootable - UEFI Secure boot

Wed Jun 17 06:23:18 UTC 2020
Fabian Arrotin <arrfab at centos.org>

On 17/06/2020 04:03, Leon Fauster via CentOS wrote:
> Am 16.06.20 um 22:04 schrieb Fabian Arrotin:
>> On 16/06/2020 15:06, Leon Fauster via CentOS wrote:
>>> Hi all,
>>>
>>> I updated a Dell XPS laptop from CentOS 8.1 (1911) to 8.2 (2004).
>>>
>>> Installed kernels are
>>> kernel-4.18.0-147.5.1.el8_1.x86_64
>>> kernel-4.18.0-147.8.1.el8_1.x86_64
>>> kernel-4.18.0-193.6.3.el8_2.x86_64
>>>
>>> Unfortunately I can not boot into the latest
>>> kernel-4.18.0-193.6.3.el8_2.x86_64.
>>>
>>> After grub2 screen I only see following line:
>>>
>>> EFI stub: UEFI Secure Boot is enabled
>>>
>>> Booting into the older kernel is still possible. The
>>> above line appears and after that the normal kernel
>>> output scrolls over the screen (rhgb quiet disabled).
>>>
>>> Is the new kernel correctly signed?
>>>
>>> What can I do?
>>>
>>> -- 
>>> Thanks
>>> Leon
>>
>> Hi Leon,
>>
>> Don't think that it's due to secureboot, as on my work laptop (thinkpad
>> t490s), I have secureboot on, and kernel working fine.
>>
>> OTOH, on my family laptop (also in secureboot mode), when I updated from
>> 8.1.1011 to 8.2.2004, laptop became unresponsive during the
>> microcode_ctl update (in scriptlet) and after that it auto-reset itself
>> , so in the middle of the whole rpm transaction.
>> I tried to recover it but it was to a point where it was faster to just
>> reinstall from scratch with 8.2.2004, which I did ... and in gnome,
>> everything was fine, etc (adding repo, pkgs) but then on the *same*
>> kernel it was installed with, just tried a reboot, and nothing  : grub
>> shows menu, you select kernel and on upper left there is only cursor
>> (fixed) and nothing happens ..
>>
>> I'll try to diagnose what's the issue as actually that means troubles
>> with family using that laptop :)
> 
> 
> Hi Fabian,
> 
> an earlyprintk=efi kernel option shows a slowly executed kernel
> (at least the output). I disabled the early_microcode dracut option
> and rebuilded the initramfs image but no success in booting the kernel
> 4.18.0-193.6.3.el8_2.x86_64. Unfortunately no more time for more
> heuristics ...
> 
> -- 
> Leon
> 

I finally had reinstalled the laptop over pxe at home *but* pointing to
kickstart repo (so GA content without updates, and so local mirror of
http://mirror.centos.org/centos/8/BaseOS/x86_64/kickstart/), to ensure
that microcode_ctl wouldn't be installed, and in some minutes laptop was
back in action.
Excluding it from updates and updated the rest and all is ok.

I've seen some people mentioning strange problems like this due to
microcode, and it seems Ubuntu even had a second update a in row to fix
issues :
- https://usn.ubuntu.com/4385-1/ (introducing issue)
- https://usn.ubuntu.com/4385-2/ (fixing the introduced issue)

All that was reported for centos 7 as we had the same issue there too
(see https://bugs.centos.org//view.php?id=17452)

So for people impacted, I guess we have to wait for a new update to
land, and excluding it from updates for now

-- 
Fabian Arrotin
The CentOS Project | https://www.centos.org
gpg key: 17F3B7A1 | twitter: @arrfab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20200617/566d8311/attachment-0005.sig>