Hi all,
We had a big update come through PureOS Amber today that included a new kernel (4.19.0-12). Just to remind remind Pureboot users that any changes (legitimate or not) made in /boot or to grub.cfg will then prompt you when you reboot your Librem laptop.
Since the kernel has been updated, this is one of those legitimate changes so one can go ahead and resign everything. Just remember your Librem Key User PIN and READ all the prompts.
If you get stuck, check out our PureBoot Docs or post questions about it below.
After making a new checksum of the /boot files and signing them, since this change adds a new kernel to the /boot partition, you will get a warning that the list of boot entries has changed and asking to set a new default.
“ERROR: Boot Entry Has Changed”
The list of boot entries has changed
Please set a new default
Press: Please set a new default
Then I get “Boot PureOS GNU/Linux” and “Make PureOS GNU/Linux the default”.
Then you will be prompted with a list of all kernels available in /boot and asked to select a new default kernel:
Choose the boot option [1-11, a to abort]
Select option 1 (the top option) as that is the most recent kernel
Then on next when you continue you will be asked to confirm the new kernel as default.
(NOTE: I am aware that the quality of the pictures ain’t the best, once the camera drivers in the Librem 5 are working they will get better)
NOTE: About 2 days after you do this update, you will receive a new warning from Pureboot, something similar to this:
The following files failed the verification process:
./vmlinuz-4.19.0-2amd64
./grub/grub.cfg
./config-4.19.0-2-amd64
./initrd.img-4.19.0-2-amd64
./System.map-4.19.0-2-amd64
This is because the oldest kernel in the /boot partition is removed 48 hours after a new kernel is added there, per Debian (and PureOS) policy in: /etc/apt/apt.conf.d/01autoremove-kernels . See quote below from it and the file itself for more info:
In the common case this results in two kernels saved (booted into the second-latest kernel, we install the latest kernel in an upgrade), but can save up to four. Kernel refers here to a distinct release, which can potentially be installed in multiple flavours counting as one kernel.
So because it will be removed, PureBoot will see the change and asked to verify it.
Again in every single one of these steps verify your prompts to confirm the information. Ideally reboot the machine and do this process after the kernel update.
EDIT: this post is a continuation of this: PureBoot and PureOS Kernel Update to 4.19.0-9-amd64 but with more compiled information
Cheers!
