Latest CentOS update breaks GRUB2-efi bootloaders

After running yum update on CentOS, a subsequent reboot may bring a surprise: a broken server that hangs on the BIOS splash screen.



We started writing about the problem on forums and bug trackers yesterday. It seems that the problem affects all systems with a UEFI bootloader and applies to at least CentOS 7.8 and 8.2. So yesterday evening I was not lucky enough to update and restart the server, ensuring myself a night of fun.



The problem shows up when the server reboots: the screen freezes on the BIOS splash screen, and at first it is not at all clear what is happening. There are no errors and no GRUB console, only the frozen splash screen.



Solution



If the server has not been rebooted since the update, then to avoid ending up with a brick on the next reboot it is enough to roll back the update of the grub2 packages and their dependencies:



    yum downgrade grub2\* shim\* mokutil


If the server has already been rebooted and is now a brick, you will need a Live CD or a flash drive to restore the bootloader. The sequence of actions for rolling back the packages on a non-bootable system is as follows:



  • Boot from the Live CD (I took version 7 here);
  • Configure the network;
  • Mount the root partition at /mnt/sysimage;
  • Mount the /boot partition at /mnt/sysimage/boot and the /boot/efi partition at /mnt/sysimage/boot/efi;
  • Execute the following sequence of commands:



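    # Make /dev/urandom available inside the chroot
    mount -o bind /dev/urandom /mnt/sysimage/dev/urandom
    # Give the chroot a DNS resolver so yum can reach the mirrors
    echo 'nameserver 1.1.1.1' > /mnt/sysimage/etc/resolv.conf
    # Switch into the installed system and roll the packages back
    chroot /mnt/sysimage
    yum downgrade grub2\* shim\* mokutil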


After that, the bootloader will be rolled back to the old version and the server should boot.



Excluding packages from updates



To prevent the bootloader from breaking again during the next update, add the problematic packages to the exclusions in the yum configuration file /etc/yum.conf (the line exclude=grub2* shim* mokutil).



Problematic package versions for CentOS 7; these are the ones that break the UEFI bootloader:

grub2-2.02-0.86.el7.centos.x86_64

shim-x64-15-7.el7_9.x86_64
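A pre-reboot check built from the two facts above (only UEFI systems are affected, and these are the broken builds), as an added example that is not part of the original article. The function names and the ROOT prefix parameter are hypothetical, and the package list at the bottom is constructed sample input.

```shell
#!/bin/sh
# Pre-reboot check for the broken GRUB2/shim update (added example).

# Builds the article lists as breaking UEFI boot on CentOS 7 (exact match only).
BAD_PKGS="grub2-2.02-0.86.el7.centos.x86_64 shim-x64-15-7.el7_9.x86_64"

# is_uefi [ROOT]: succeeds if the system under ROOT was booted through UEFI.
# ROOT is a hypothetical prefix so the check can run against a fake tree.
is_uefi() {
    [ -d "${1:-}/sys/firmware/efi" ]
}

# find_bad_pkgs: reads package names (rpm -qa format) on stdin and prints
# the ones that are on the BAD_PKGS list. Handles a missing final newline.
find_bad_pkgs() {
    while IFS= read -r pkg || [ -n "$pkg" ]; do
        for bad in $BAD_PKGS; do
            if [ "$pkg" = "$bad" ]; then printf '%s\n' "$pkg"; fi
        done
    done
}

# reboot_verdict ROOT: package list on stdin; prints one of
#   safe-bios  not a UEFI boot, the problem described here does not apply
#   safe-uefi  UEFI boot, none of the listed builds installed
#   at-risk    UEFI boot with a listed build installed: downgrade before reboot
reboot_verdict() {
    hits=$(find_bad_pkgs)
    if ! is_uefi "$1"; then echo safe-bios
    elif [ -n "$hits" ]; then echo at-risk
    else echo safe-uefi
    fi
}

# On a real host: rpm -qa | reboot_verdict ""
# Constructed sample input, so the example runs without rpm:
sample_updated='bash-4.2.46-34.el7.x86_64
grub2-2.02-0.86.el7.centos.x86_64
shim-x64-15-7.el7_9.x86_64'
fake_root=$(mktemp -d)
mkdir -p "$fake_root/sys/firmware/efi"
printf '%s\n' "$sample_updated" | reboot_verdict "$fake_root"   # prints at-risk
rm -rf "$fake_root"
```

An at-risk verdict means the downgrade command from the Solution section should be run before the next reboot.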



