# the issue:
dnf check-update
Last metadata expiration check: 1:35:58 ago on Sun Jun 4 10:26:18 2023.
Security: kernel-core-5.14.0-284.11.1.el9_2.aarch64 is an installed security update
Security: kernel-core-5.14.0-162.6.1.el9_1.aarch64 is the currently running version
# double check:
uname -r
5.14.0-162.6.1.el9_1.aarch64
# only reboot is not fixing it:
uptime
12:01:37 up 0 min, 1 user, load average: 0.34, 0.10, 0.04
# the cfg is up to date:
grub2-mkconfig > test.cfg 2>/dev/null
diff test.cfg /boot/grub2/grub.cfg
# and manually it looks fine:
. /usr/share/grub/grub-mkconfig_lib
version_find_latest $(ls -1 /boot/vmlinuz-*)
/boot/vmlinuz-5.14.0-284.11.1.el9_2.aarch64
# maybe these efi boot logs are related:
grep -Pi "efi\b" /var/log/messages | tail -n 6
Jun 4 12:00:59 amazon4 systemd[1]: Condition check resulted in Amazon Elastic Block Store EFI\x20System\x20Partition being skipped.
Jun 4 12:00:59 amazon4 systemd[1]: Mounting /boot/efi...
Jun 4 12:00:59 amazon4 systemd[1]: Mounted /boot/efi.
Jun 4 12:00:59 amazon4 systemd[1]: Store a System Token in an EFI Variable was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
Jun 4 12:00:59 amazon4 systemd[1]: TPM2 PCR Barrier (Initialization) was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
Jun 4 12:00:59 amazon4 systemd[1]: TPM2 PCR Barrier (User) was skipped because of an unmet condition check (ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f).
非 efi 虚拟机不存在此问题。
如何告诉 grub/efi 使用较新的内核?
编辑01:
感谢@Svižný_Svišť 的分享
grubby --info=ALL
grub2-reboot 1
列出已安装的内容;
dnf list --installed | grep "kernel-core"
kernel-core.aarch64 5.14.0-162.6.1.el9_1 @baseos
kernel-core.aarch64 5.14.0-284.11.1.el9_2 @baseos
kernel-core.aarch64 5.14.0-284.18.1.el9_2 @baseos
我删除了这个:
dnf remove kernel-core-5.14.0-162.6.1.el9_1
但 grubby 仍然列出了它,所以我修复了它
grubby --remove-kernel=/boot/vmlinuz-5.14.0-162.6.1.el9_1.aarch64
答案1
我刚刚经历了这个问题从升级kernel-core-5.14.0-284.11.1.el9_2.x86_64
到kernel-core-5.14.0-284.18.1.el9_2.x86_64
虽然我还没有找到解决方案,但我发现为 GRUB 设置“仅下次启动”默认启动项确实会加载所需的内核:
$ sudo grubby --info=ALL | grep -E '^(kernel|index)'
index=0
kernel="/boot/vmlinuz-5.14.0-284.11.1.el9_2.x86_64"
index=1
kernel="/boot/vmlinuz-5.14.0-284.18.1.el9_2.x86_64"
$ sudo grub2-reboot 1 # index 1
$ sudo reboot
显然这只是暂时加载最新的内核。开机后又会回到之前的状态。虽然不是为了解决问题,但它可能会让其他人知道下一步该去哪里。
答案2
dnf 无法正确更新 grub,有时必须手动更新,如下所示:
grubby --remove-kernel=/boot/vmlinuz-5.14.0-162.6.1.el9_1.aarch64
reboot