Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: document how kairos evaluates a transition image #2798

Closed
mauromorales opened this issue Aug 7, 2024 · 4 comments · Fixed by kairos-io/kairos-docs#264
Closed

feat: document how kairos evaluates a transition image #2798

mauromorales opened this issue Aug 7, 2024 · 4 comments · Fixed by kairos-io/kairos-docs#264
Assignees
@jimmykarily
Labels
documentation Improvements or additions to documentation enhancement New feature or request

Comments

@mauromorales
Copy link
Member

  • Check image integrity
  • Check if the image is signed by the same entity (UKI-only)
  • Automatically reboot in case of kernel panics
  • There is a GRUB script that will do boot-assessment (non-UKI) at bootloader level if the image fails to start (e.g. after a broken upgrade)
  • systemd-boot fallbacks in case of failures (UKI-only)

response by @mudler
@mauromorales mauromorales added enhancement New feature or request triage Add this label to issues that should be triaged and prioretized in the next planning call labels Aug 7, 2024
@jimmykarily jimmykarily added the documentation Improvements or additions to documentation label Aug 26, 2024
@jimmykarily jimmykarily removed the triage Add this label to issues that should be triaged and prioretized in the next planning call label Sep 16, 2024
@jimmykarily jimmykarily moved this to In Progress 🏃 in 🧙Issue tracking board Sep 16, 2024
@jimmykarily jimmykarily self-assigned this Sep 17, 2024
@jimmykarily
Copy link
Contributor

partly explained here: https://github.com/kairos-io/packages/blob/15945f281bc475c12fa98cdb0cd0d8f0253317cc/packages/static/kairos-overlay-files/files/system/oem/08_grub.yaml#L5-L10

@jimmykarily
Copy link
Contributor

jimmykarily commented Sep 17, 2024
edited
Loading

  • Check image integrity:
    • uki (not really the "integrity" but rather the signing)
    • non uki: we don't check anything

Actually, did we mean some other check with "image integrity"? I'm not aware of such a check and I can't find something in code.

@jimmykarily
Copy link
Contributor

systemd-boot boot assessment: https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting (linking also to this). I'm not sure we implement this properly. Needs investigation.

@jimmykarily jimmykarily mentioned this issue Sep 17, 2024
Closed
@jimmykarily
Copy link
Contributor

I created a ticket to implement boot assessment in systemd-boot: #2864
In the meantime there is nothing to document around that.

@jimmykarily jimmykarily mentioned this issue Sep 17, 2024
Merged
@github-project-automation github-project-automation bot moved this from Under review 🔍 to Done ✅ in 🧙Issue tracking board Sep 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jimmykarily jimmykarily

Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
🧙Issue tracking board
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Create docs page kairos-io/kairos-docs
2 participants
@mauromorales @jimmykarily