[pve-devel] [PATCH manager v3 2/2] 8 to 9 checks: check for removable grub-install

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Aug 8 10:10:26 CEST 2025 

On August 7, 2025 10:30 pm, Stoiko Ivanov wrote:
> some upgrades result in unbootable systems, which can be traced back
> to grub being installed in BOOTX64.efi, but not being upgraded by
> grub-install. Refer the cases to the output of
> `proxmox-boot-tool refresh` as it has a sensible check logic for those
> cases. Some affected systems printed the warning of proxmox-boot-tool,
> but it was lost in the large output of the dist-upgrade.
> 
> Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
> ---
>  PVE/CLI/pve8to9.pm | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm
> index 6381e62f..c2e830a9 100644
> --- a/PVE/CLI/pve8to9.pm
> +++ b/PVE/CLI/pve8to9.pm
> @@ -1569,6 +1569,7 @@ sub check_bootloader {
>          return;
>      }
>  
> +    my $boot_ok = 1;
>      if (-f "/etc/kernel/proxmox-boot-uuids") {
>          if (!$upgraded) {
>              log_skip("not yet upgraded, systemd-boot still needed for bootctl");
> @@ -1587,13 +1588,21 @@ sub check_bootloader {
>                      . " boot-related packages. Remove 'systemd-boot' See"
>                      . " https://pve.proxmox.com/wiki/Upgrade_from_8_to_9#sd-boot-warning for more information."
>              );
> +            $boot_ok = 0;
>          }
>          if (!-f "/usr/share/doc/grub-efi-amd64/changelog.Debian.gz") {
>              log_warn("System booted in uefi mode but grub-efi-amd64 meta-package not installed,"
>                  . " new grub versions will not be installed to /boot/efi! Install grub-efi-amd64."
>              );
> +            $boot_ok = 0;
> +        }
> +        if (-f "/boot/efi/EFI/BOOT/BOOTX64.efi") {
> +            log_warn("Removable bootloader found at '/boot/efi/EFI/BOOT/BOOTX64.efi' Check the"
> +                . " output of `proxmox-boot-tool refresh` if further action is needed.");

why not run the debconf command here? we already did 90% of the required
checks if we end up here:

1. system is EFI booted
2. removable entry on ESP exists
3: MISSING: `debconf show --db configdb grub-efi-amd64 grub-pc | grep 'force_efi_extra_removable'`

we just need to query debconf to see if action actually needs to be taken.

without that last step, this will now warn *for all LVM systems*, even
those that are properly set up..

if we want to go the extra mile, we could also check that the binaries
actually match what is currently installed package-wise, but that might
get complicated in the face of shim..

> +            $boot_ok = 0;

this is dead code

>              return;

or this is, please only do either ;)

> -        } else {
> +        }
> +        if ($boot_ok) {
>              log_pass("bootloader packages installed correctly");
>          }
>      }
> -- 
> 2.39.5
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
>

More information about the pve-devel mailing list