Grub settings getting ignored after update from yesterday

Kobold · 24 March 2021 22:18

Hello,
Yesterday 2 small packages showed up to download.
I downloaded/updated/restarted my Linux (I’m on Linux Kernel 5.10.23-1).

After my grub Menu just showed up again out of nowhere… it was set to hidden (and its still set on hidden) and the Grub Timeout (Bootmenu) went up to 10sec… i know there was a security reason and there was some changes related to grub 1 week ago.

All my settings in “/etc/default/grub” getting ignored now…

Grubsettings:

GRUB_DEFAULT=saved
GRUB_TIMEOUT=1
GRUB_TIMEOUT_STYLE=hidden
GRUB_DISTRIBUTOR="Manjaro"
GRUB_CMDLINE_LINUX_DEFAULT="quiet apparmor=1 security=apparmor resume=UUID=a44dd3c4-f5f1-4587-8934-6f7413d28d4f udev.log_pri>
GRUB_CMDLINE_LINUX=""

# If you want to enable the save default function, uncomment the following
# line, and set GRUB_DEFAULT to saved.
GRUB_SAVEDEFAULT=true

# Preload both GPT and MBR modules so that they are not missed
GRUB_PRELOAD_MODULES="part_gpt part_msdos"

# Uncomment to enable booting from LUKS encrypted devices
#GRUB_ENABLE_CRYPTODISK=y

# Uncomment to use basic console
GRUB_TERMINAL_INPUT=console

# Uncomment to disable graphical terminal
#GRUB_TERMINAL_OUTPUT=console

# The resolution used on graphical terminal
# note that you can use only modes which your graphic card supports via VBE
# you can see them in real GRUB with the command 'videoinfo'
GRUB_GFXMODE=auto

# Uncomment to allow the kernel use the same resolution used by grub
GRUB_GFXPAYLOAD_LINUX=keep

# Uncomment if you want GRUB to pass to the Linux kernel the old parameter
# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx"
#GRUB_DISABLE_LINUX_UUID=true

# Uncomment to disable generation of recovery mode menu entries
GRUB_DISABLE_RECOVERY=true

# Uncomment and set to the desired menu colors.  Used by normal and wallpaper
# modes only.  Entries specified as foreground/background.
GRUB_COLOR_NORMAL="light-gray/black"
GRUB_COLOR_HIGHLIGHT="green/black"

# Uncomment one of them for the gfx desired, a image background or a gfxtheme
#GRUB_BACKGROUND="/usr/share/grub/background.png"
GRUB_THEME="/usr/share/grub/themes/manjaro/theme.txt"

# Uncomment to get a beep at GRUB start
#GRUB_INIT_TUNE="480 440 1"

# Uncomment this option to enable os-prober execution in the grub-mkconfig command
GRUB_DISABLE_OS_PROBER=false

Would be nice if someone could help me out.

Thanks in advance

EDIT:
I just edited and updated my grub again and the boot timeout changed, i just changed it from 0 to 1 and its doing his job now, but my other OS (Win7) is showed up and also Grub is still not hidden… i don’t want this feature if the security issue still persists.

I don’t need that option for grub anyways, because i change bootoptions inside Bios with F12 hotkey.
Is there still a security problem?

megavolt · 24 March 2021 23:25

Change this to:

GRUB_DISABLE_OS_PROBER=true

and

sudo update-grub

and only Manjaro will be there on the bootloader list.

For a hidden menu this is correct:

but maybe needs an update-grub ?

Kobold · 25 March 2021 00:49

That’s the strange thing… i used update-grub several times now and its just get ignored.
Maybe i just have to edit the line that it won’t get ignored… where ever that problem related too.

I had Timeout=0 before and just after i changed it too 1, its just changed the time from 10sec to 1sec… but i used sudo update-grub atleast 3 times already without any solution.

Thanks… Do you know what happend with the security problem in grub? Is it solved?

megavolt · 25 March 2021 01:04

Sorry, no idea if it solved, but from what I read, to fix the security hole, you will need also to reinstall grub, not only update it.

sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=manjaro --recheck

This only updates the config:

# same as "sudo update-grub"
sudo grub-mkconfig -o /boot/grub/grub.cfg

Kobold · 25 March 2021 01:19

This reinstall command is only for EFI installation, right?

Or should it work with MBR/Legacy Boot too?
Im better copy your command if something goes wrong with grub again… just in case

Anyways, i think i just recieved the rollback from the security hole with the last update (2 days ago, can’t remember the package name… iconpackage and something other…), that’s why the bootmenu had to show up again and the reason why GRUB_DISABLE_OS_PROBER=false showed up inside grub again after it got removed.

megavolt · 25 March 2021 01:26

Yes

No this one should then work:

grub-install --force --target=i386-pc --recheck --boot-directory=/boot /dev/sdy

Change /dev/sdy to you your device.

omano · 25 March 2021 01:53

If you have another OS in Grub menu you can not hide the Grub menu. Setting timeout to 0 is also not valid it defaults to 10 seconds I think. 1 second is valid though.

//EDIT: it is specifically this part in grub.cfg file, when OS Prober is enabled then it forces the menu style and defaults 0 second timeout to 10 seconds

### BEGIN /etc/grub.d/30_os-prober ###
menuentry 'Windows Boot Manager (on /dev/sdc1)' --class windows --class os $menuentry_id_option 'osprober-efi-181F-8A30' {
	savedefault
	insmod part_gpt
	insmod fat
	set root='hd2,gpt1'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-bios=hd2,gpt1 --hint-efi=hd2,gpt1 --hint-baremetal=ahci2,gpt1  181F-8A30
	else
	  search --no-floppy --fs-uuid --set=root 181F-8A30
	fi
	chainloader /efi/Microsoft/Boot/bootmgfw.efi
}
set timeout_style=menu
if [ "${timeout}" = 0 ]; then
  set timeout=10
fi
### END /etc/grub.d/30_os-prober ###

Kobold · 25 March 2021 02:09

Thank you both for helping me out

system · 9 April 2021 02:10

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.