Updating the bootloader

bootupd

Updating the bootloader is not currently automatic. The bootupd project is included in Fedora CoreOS and may be used for manual updates.

This is usually only relevant in bare metal scenarios or on virtualized hypervisors that support Secure Boot. One reason to update the bootloader is the BootHole vulnerability.

Currently, bootupd can only update the bootloader on the EFI system partition (not the BIOS MBR).

Inspect the system status:

# bootupctl status
Component EFI
  Installed: grub2-efi-x64-1:2.04-31.fc33.x86_64,shim-x64-15-8.x86_64
  Update: At latest version
#

If an update is available, use the "bootupctl update" command to apply it. The change takes effect on the next reboot.

# bootupctl update
...
Updated: grub2-efi-x64-1:2.04-31.fc33.x86_64,shim-x64-15-8.x86_64
#

Automating bootupd updates with a systemd unit

variant: fcos
version: 1.5.0
systemd:
  units:
    - name: custom-bootupd-auto.service
      enabled: true
      contents: |
        [Unit]
        Description=Bootupd automatic update

        [Service]
        ExecStart=/usr/bin/bootupctl update
        RemainAfterExit=yes

        [Install]
        WantedBy=multi-user.target

Using images that predate bootupd

Older CoreOS images that predate the existence of bootupd need an explicit "adoption" phase. If bootupctl status says the component is Adoptable, perform the adoption with bootupctl adopt-and-update.

# bootupctl adopt-and-update
...
Updated: grub2-efi-x64-1:2.04-31.fc33.x86_64,shim-x64-15-8.x86_64
#
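
The status check, update and adoption steps above can be combined into one decision. The following script is an added example, not part of the original page or the bootupd project. It assumes that an adoptable component is reported with the word "Adoptable" and that any "Update:" line other than "At latest version" means an update is pending; the function name and the --apply switch are hypothetical.

```shell
#!/bin/sh
# Added example: choose the bootupctl subcommand from `bootupctl status` text.
# Assumption: any Update line other than "At latest version" means an update
# is pending, and an adoptable component shows the word "Adoptable".

# Reads status text on stdin; prints none | update | adopt-and-update | unknown.
bootupd_action() {
    awk '
        /Adoptable/        { adopt = 1 }
        /^[ \t]*Update:/   { seen = 1
                             if ($0 !~ /At latest version/) pending = 1 }
        END {
            if (adopt)        print "adopt-and-update"
            else if (pending) print "update"
            else if (seen)    print "none"
            else              print "unknown"
        }'
}

# Status output as shown on this page (component already at latest version).
SAMPLE_LATEST='Component EFI
  Installed: grub2-efi-x64-1:2.04-31.fc33.x86_64,shim-x64-15-8.x86_64
  Update: At latest version'

# With --apply (as root on a real host), act on the live status;
# otherwise just classify the sample above.
if [ "${1:-}" = "--apply" ]; then
    action=$(bootupctl status | bootupd_action)
    case "$action" in
        update|adopt-and-update) bootupctl "$action" ;;
        none) echo "bootloader already at latest version" ;;
        *)    echo "unrecognized bootupctl status output" >&2; exit 1 ;;
    esac
else
    printf '%s\n' "$SAMPLE_LATEST" | bootupd_action
fi
```

Unrecognized status output stops the script with a non-zero exit instead of falling through to an update, so a change in the status format shows up as a failure, not as a silently skipped bootloader update.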

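Later versions will default to automatic updates.

Later Fedora CoreOS versions may default to updating the bootloader automatically in the way described above.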