Modifying Kernel Arguments

Modifying Kernel Arguments via Ignition

You can specify kernel arguments in a Butane config using the kernel_arguments section.

Example: Staying on cgroups v1

Starting from June 2021, cgroups v2 is the default on new installations of Fedora CoreOS. Here’s an example kernelArguments section which adds the systemd.unified_cgroup_hierarchy=0 kernel argument so that the machine keeps using cgroups v1:

variant: fcos
version: 1.5.0
kernel_arguments:
  should_exist:
    - systemd.unified_cgroup_hierarchy=0

Example: Disabling all CPU vulnerability mitigations

Here’s an example kernelArguments section which switches mitigations=auto,nosmt to mitigations=off to disable all CPU vulnerability mitigations:

variant: fcos
version: 1.5.0
kernel_arguments:
  should_exist:
    - mitigations=off
  should_not_exist:
    - mitigations=auto,nosmt

Modifying Console Configuration During Bare Metal Install

coreos-installer has special support for changing the console configuration when performing a bare-metal installation. This functionality can be used to add console arguments to the kernel command line and equivalent parameters to the GRUB bootloader configuration. For more information, see Emergency Console Access. For more information about bare metal installs, see Installing CoreOS on Bare Metal.

Modifying Kernel Arguments on Existing Systems

Kernel arguments changes are managed by rpm-ostree via the rpm-ostree kargs subcommand. Changes are applied to a new deployment and a reboot is necessary for those to take effect.

Adding kernel arguments

You can append kernel arguments. An empty value for an argument is allowed:

$ sudo rpm-ostree kargs --append=KEY=VALUE
Example: Add reserved memory for Kdump support
$ sudo rpm-ostree kargs --append='crashkernel=256M'

Removing existing kernel arguments

You can delete a specific kernel argument key/value pair or an entire argument with a single key/value pair:

$ sudo rpm-ostree kargs --delete=KEY=VALUE
Example: Re-enable SMT on vulnerable CPUs
$ sudo rpm-ostree kargs --delete=mitigations=auto,nosmt
Example: Update an existing system from cgroupsv1 to cgroupsv2 and immediately reboot
$ sudo rpm-ostree kargs --delete=systemd.unified_cgroup_hierarchy --reboot

Replacing existing kernel arguments

You can replace an existing kernel argument with a new value. You can directly use KEY=VALUE if only one value exists for that argument. Otherwise, you can specify the new value using the following format:

$ sudo rpm-ostree kargs --replace=KEY=VALUE=NEWVALUE
Example: Disable all CPU vulnerability mitigations
$ sudo rpm-ostree kargs --replace=mitigations=auto,nosmt=off

This switches mitigations=auto,nosmt to mitigations=off to disable all CPU vulnerability mitigations.

Interactive editing

To use an editor to modify the kernel arguments:

$ sudo rpm-ostree kargs --editor