Grubx64.efi binary doesen't get updated

Vargblood · 2022-08-22 10:48:40

Hello dear community.

I have a very strange problem. Since 2019 I use Arch Linux and have always followed the instructions during installation. Today I noticed that my grub is on version 2.02 (!). The installed package is on version 2.06. I noticed that the grubx64.efi file under my esp has NOT been updated all these years. Even the grub-install --version command showed version 2.06, although this does not apply to the efi file. It is very confusing that from a running Arch Linux system, you think you have the latest version installed, but upon rebooting, you find that you actually have an outdated version of grub loaded when you happen to look at the headline of the grub screen. After I reinstalled the bootloader via grub-install, the grubx64.efi file was also updated to version 2.06, but I don't want to do this manually every time a grub update is released. Also, I don't know if this is intentional.

Now for my questions:

- Why was only the package updated but never the .efi file?
- What can I do to change this behavior in the future? (Pacman hook?)
- Is my system now potentially at risk because I have been using an old Grub2 version for so long?

If any more troubleshooting information is needed feel free to let me know. I would appreciate some feedback. Thanks a lot.

Last edited by Vargblood (2022-08-22 11:48:26)

schard · 2022-08-22 12:05:08

1) Because the system does not know, which of the installed boot loader packages you want to use in which installation mode.
2) Yes. I for one part use an ALPM hook to update systemd-boot, which I use as a bootloader.
3) Probably not. It's just the boot loader. Once the kernel is loaded, it's job is done.

Vargblood · 2022-08-22 12:48:12

Thank you for your feedback.

1) I think I understand what you mean. I think this should be included in the Grub Wiki article though. I could bet that there are many users who have exactly the same problem but don't notice it either.

2) Do you happen to have a template for an ALPM-hook that refers to Grub?

3) Okay I hope you are right. There have been relatively serious CVEs regarding grub over the last three to four years. But maybe I'm too scared here.

schard · 2022-08-22 13:22:47

You might want to update the shell script according to your needs:

0 ✓ 1346 /usr/share/libalpm/hooks $ cat /usr/share/libalpm/hooks/99-update-grub.hook 
[Trigger]
Type = Package
Operation = Install
Operation = Upgrade
Target = grub

[Action]
Description = Updating Grub bootloader...
When = PostTransaction
Exec = /usr/share/libalpm/scripts/update-grub
0 ✓ 1346 /usr/share/libalpm/hooks $ cat /usr/share/libalpm/scripts/update-grub
#! /bin/bash

if [ -d /sys/firmware/efi ]; then
	exit 0;		# Do not install on EFI systems.
fi

if [ ! -b /dev/sda ]; then
	echo "/dev/sda not present. You'll need to update manually."
	exit 1;
fi

if [ -f /boot/grub/grub.cfg ]; then
	/usr/bin/grub-install /dev/sda
fi

Last edited by schard (2022-08-22 13:24:07)

Vargblood · 2022-08-22 13:35:53

So this is what I adapted from your example:

[Trigger]
Type = Package
Operation = Install
Operation = Upgrade
Target = grub

[Action]
Description = Updating Grub bootloader...
When = PostTransaction
Exec = /usr/bin/grub-install --target=x86_64-efi --efi-directory=/efi/ --bootloader-id=Arch

This should work right?

schard · 2022-08-22 13:37:01

No guarantees. Try it.

Vargblood · 2022-08-22 13:37:52

Okay I will try it. Thank you for your support. Problem solved.

Arch Linux

#1 2022-08-22 10:48:40

Grubx64.efi binary doesen't get updated

#2 2022-08-22 12:05:08

Re: Grubx64.efi binary doesen't get updated

#3 2022-08-22 12:48:12

Re: Grubx64.efi binary doesen't get updated

#4 2022-08-22 13:22:47

Re: Grubx64.efi binary doesen't get updated

#5 2022-08-22 13:35:53

Re: Grubx64.efi binary doesen't get updated

#6 2022-08-22 13:37:01

Re: Grubx64.efi binary doesen't get updated

#7 2022-08-22 13:37:52

Re: Grubx64.efi binary doesen't get updated

Board footer