Friday, 17 December 2021

Re: os-prober is disabled in grub 2.06 and where to go from here

On Fri, Dec 17, 2021 at 05:01:59PM +0100, Julian Andres Klode wrote:
> Hi ubuntu-devel,
> os-prober is disabled with the grub 2.06 upload, which is
> obviously a bit controversial and the outcome is not
> necessarily in the best interest of our users.
> # Reasons
> os-prober is inherently insecure as it mounts all partitions
> on your disk using grub-mount to check them for other OS,
> which is not a nice thing to do as root as you can exploit
> bugs in the filesystem code easily.
> # Outcome
> 1. Users on UEFI are unable to boot other Ubuntu installs,
> but can boot other OS via the UEFI bootloader.
> Multiple Ubuntu installs are a hack either way, so not
> really a huge priority - any Ubuntu install installs
> grub to the same location, so your grub just switches
> between your Ubuntu installs each time you upgrade it
> in one. Ugh.
> 2. Users on BIOS systems cannot boot any other system
> This is highly problematic
> # Options
> 0. Re-enable os-prober
> 1. Red Hat only runs os-prober during install time, and
> instead of regenerating grub.cfg when kernels are installed
> writes out drop-in files that are then loaded (it actually
> uses the systemd-boot load entries format, which it has
> patched into grub)
> We could run os-prober during install time, store the
> output somewhere and then reuse the cached output in
> grub-mkconfig.

I think we want to compromise a bit further to avoid regressions
now, and keep running os-prober if we found OS before.

It seems to be feasible to change the default of GRUB_DISABLE_OS_PROBER
to a new auto value, and then do something like::

if [ "$GRUB_DISABLE_OS_PROBER" = "auto" ]
&& [ -e /boot/grub/grub.cfg ]
&& ! grep -q osprober- /boot/grub.cfg; then
grub_warn "Disabling os-prober as no OS have been found in previous run"
exit 0

Alternatively, we can

1. For upgrades from 2.04, do the grep in the postinst and set
GRUB_DISABLE_OS_PROBER=false in a grub.d file

2. For new installs, set GRUB_DISABLE_OS_PROBER=false from within
our various installers (I guess desktop ones are sufficient, does
anyone dual boot servers?)

We can then see if we want to tighten this down further to fully
static os-prober output in 22.10.
debian developer - | - free software dev
ubuntu core developer i speak de, en

ubuntu-devel mailing list
Modify settings or unsubscribe at: