From Fedora Project Wiki
(Created page with "= Deprecate os-prober use in grub2 = == Summary == Deprecate os-prober and replace it with a new osprobe grub command that performs a less intrusive method to discoverer oth...")
 
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:
== Summary ==
== Summary ==


Deprecate os-prober and replace it with a new osprobe grub command that performs a less intrusive method to discoverer other OSes in the system dynamically at boot time to add them to the grub menu.
Deprecate the os-prober user-space tool and replace it with a new osprobe GRUB command, that performs a less intrusive method by dynamically discovering other other OSes in the system at boot time. The osprobe command will populate the GRUB menu with entries using the information discovered automatically by the osprobe command.


== Owner ==
== Owner ==
Line 11: Line 11:
-->
-->
* Name: [[User:aruiz| Alberto Ruiz]]
* Name: [[User:aruiz| Alberto Ruiz]]
* Name: [[User:???| Javier Martinez]]
* Email: aruiz at gnome dot org
 
* Name: [[User:javierm| Javier Martinez]]
* Email: javierm at redhat dot com


* Email: aruiz at gnome dot org
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
* FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address>
* FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address>
Line 44: Line 46:
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
<!-- Expand on the summary, if appropriate.  A couple sentences suffices to explain the goal, but the more details you can provide the better. -->


os-prober is a script that is run (unless it is disabled) every time we execute grub2-mkconfig to add a list of entries that you can use to chainload from grub2 to another operating system that os-prober detected and added to your grub.cfg.
os-prober is a script that is run (unless it is disabled) every time grub2-mkconfig is executed. This finds all the Operating Systems that are installed in the system and the information is used by the `/etc/grub.d/30_os-prober` script to add to the GRUB configuration file an entry for each OS detected by os-prober. These entries contain `chainloader` commands to allow users to boot the other OS that are installed in their systems.
 
However, os-prober is extremely intrusive. In the past, it tried to mount every single block device that could detect. Recent os-prober version use the `grub2-mount` tool that's a FUSE implementation but still it makes the whole OS discovery process quite fragile.


However os-prober is extremely intrusive, it tries to mount every single volume it can detect and possibly mount, it tends to be extremely accurate but there are instances of installation sessions or grub2-mkconfing runs where the process or even the whole machine hangs by mounting/accessing corrupted filesystems or buggy FUSE fs implementations. grub2 upstream has even removed support for this as it considers it an attack vector, many downstreams have kept it because many users still rely on this functionality to have a convenient dual boot setup.
It tends to be extremely accurate but there are instances of installation sessions or grub2-config runs where the process or even the whole machine hangs by mounting/accessing corrupted filesystems or buggy FUSE fs implementations. grub2 upstream has even removed support for this as it considers it an attack vector, most downstreams have kept it because many users still rely on this functionality to have a convenient dual boot setup. But it's clear that is not a solution for the long term.


More over, this is mostly useful on legacy BIOS systems and on EFI systems we ship it and use it while the grub entries do not work at all most of the time. At the same time most EFI implementations have a hotkey to show a boot menu people can use to switch between operating systems.
Moreover, this is mostly useful only for legacy BIOS systems. On EFI systems, it is shipped and used even though the GRUB entries do not work at all most of the time. For example it does not work if Secure Boot is enabled or if the OS is relying on TPM measurements for something. At the same time, most EFI implementations have a hotkey to show a boot menu people can use to switch between operating systems. For this reason is not strictly needed to have this chain-loading functionality.


Getting rid of os-prober is a desirable thing for the most part as it would increase the robustness of new installations, it would make the boot process more secure and it would remove currently non working chainloads grub.cfg menu entries on EFI systems.
Getting rid of os-prober is a desirable thing for the most part as it would increase the robustness of new installations, it would make the boot process more secure and it would remove currently non working chainloads grub.cfg menu entries on EFI systems.


The grub community and the Fedora maintainers are trying to approach a situation where grub is basically zeroconfig and this would be one of multiple steps to get there.
The GRUB community and the Fedora maintainers are trying to approach a situation where GRUB is basically zeroconfig and this would be one of multiple steps to get there.


The downside would be that we leave legacy BIOS systems without the ability to dual boot into other OSes which would be a regression and hurts the very peolpe that are making inroads into using Linux natively but still need to run Windows to some capacity.
The downside would be that we leave legacy BIOS systems without the ability to dual boot into other OSes which would be a regression and hurts the very people that are making inroads into using Linux natively but still need to run Windows to some capacity.


To overcome this shortcoming we have written a grub2 module that implements a command that can be added to grub.cfg (we intend to propose it upstream). It performs the same functionality at startup time on each boot inside grub if the command is called at grub.cfg. You can find the patch here: https://gitlab.com/aruiz/grub/-/compare/3ffd708d...mainline?from_project_id=21317546
To overcome this shortcoming, we have written a grub2 module that implements a command that can be added to grub.cfg (we intend to propose it upstream). It performs the same functionality at startup time on each boot inside grub if the command is called at grub.cfg. You can find the patch here: https://gitlab.com/aruiz/grub/-/compare/3ffd708d...mainline?from_project_id=21317546


== Feedback ==
== Feedback ==

Latest revision as of 14:57, 6 July 2021

Deprecate os-prober use in grub2

Summary

Deprecate the os-prober user-space tool and replace it with a new osprobe GRUB command, that performs a less intrusive method by dynamically discovering other other OSes in the system at boot time. The osprobe command will populate the GRUB menu with entries using the information discovered automatically by the osprobe command.

Owner


Current status

  • Targeted release: Fedora Linux 35
  • Last updated: 2021-07-06
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

os-prober is a script that is run (unless it is disabled) every time grub2-mkconfig is executed. This finds all the Operating Systems that are installed in the system and the information is used by the /etc/grub.d/30_os-prober script to add to the GRUB configuration file an entry for each OS detected by os-prober. These entries contain chainloader commands to allow users to boot the other OS that are installed in their systems.

However, os-prober is extremely intrusive. In the past, it tried to mount every single block device that could detect. Recent os-prober version use the grub2-mount tool that's a FUSE implementation but still it makes the whole OS discovery process quite fragile.

It tends to be extremely accurate but there are instances of installation sessions or grub2-config runs where the process or even the whole machine hangs by mounting/accessing corrupted filesystems or buggy FUSE fs implementations. grub2 upstream has even removed support for this as it considers it an attack vector, most downstreams have kept it because many users still rely on this functionality to have a convenient dual boot setup. But it's clear that is not a solution for the long term.

Moreover, this is mostly useful only for legacy BIOS systems. On EFI systems, it is shipped and used even though the GRUB entries do not work at all most of the time. For example it does not work if Secure Boot is enabled or if the OS is relying on TPM measurements for something. At the same time, most EFI implementations have a hotkey to show a boot menu people can use to switch between operating systems. For this reason is not strictly needed to have this chain-loading functionality.

Getting rid of os-prober is a desirable thing for the most part as it would increase the robustness of new installations, it would make the boot process more secure and it would remove currently non working chainloads grub.cfg menu entries on EFI systems.

The GRUB community and the Fedora maintainers are trying to approach a situation where GRUB is basically zeroconfig and this would be one of multiple steps to get there.

The downside would be that we leave legacy BIOS systems without the ability to dual boot into other OSes which would be a regression and hurts the very people that are making inroads into using Linux natively but still need to run Windows to some capacity.

To overcome this shortcoming, we have written a grub2 module that implements a command that can be added to grub.cfg (we intend to propose it upstream). It performs the same functionality at startup time on each boot inside grub if the command is called at grub.cfg. You can find the patch here: https://gitlab.com/aruiz/grub/-/compare/3ffd708d...mainline?from_project_id=21317546

Feedback

Benefit to Fedora

This method is a lot less intrusive and more reliable as it just tries to identify each unecrypted boot partition or directory to assess which OS family is there instead of the most aggressive approach by os-prober that tries to mount root and parse files to detect os version and kernels available.

This also aligns to other efforts like the move to BootLoaderSpec in the past and others we intend to promote to have grub.cfg be a completely static file, improving reliability, reducing complexity and enhancing the usability of the boot path in Fedora.

Scope

  • Proposal owners: Alberto Ruiz, Javier Martinez
  • Other developers:
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives: (We should probably add an objective for zero config boot)

Upgrade/compatibility impact

We need to decide whether upgraded systems should stick to os-prober for the time being and we only keep the old os-prober's /etc/grub.d/ scriptlet or whether we move everyone to use the new grub.cfg command.

TBD


How To Test

User Experience

This is a change that will be transparent to most users as grub2-mkconfig will just place the new command in grub.cfg instead of going through os-prober to generate static entries.

Dependencies

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No


Documentation

TBA

N/A (not a System Wide Change)

Release Notes