Re: /boot partition changes when it should not



On one of the hardware platforms that I support, namely running Debian in
a virtual machine under z/VM (s390/s390x architecture), there is a
very simple solution to this whole problem: make the /boot partition
a read-only minidisk.  That way, the hypervisor (the CP component
of z/VM) does not allow ANY write operations.  Period.  No exceptions.
Even root cannot write to it.  If you try to remount the filesystem
read-write, you get I/O errors.  The only way to write to it is to
tell the hypervisor to re-link it read/write.  And you can prevent
that too, if you like, via security mechanisms in the hypervisor.
Also, the only supported boot loader for this architecture, zipl,
uses the "list of sectors" method, rather than "mounting" the filesystem,
in order to locate and load the kernel image and the initial RAM disk
image.

Unfortunately, that does not help *you*.  But I wonder if some type
of x86 virtualization hypervisor could do something similar.
That's a lot of overhead if safeguarding the /boot partition is
all you want to do, but it is one possibility you might want to
look at, at least to *find* the problem.  I'm afraid I don't know much
of anything about x86-based hypervisors; so I won't be of any help there.

If you can't figure out how to make grub use the "list of sectors"
method, I once again suggest that you switch to lilo.  I switched to lilo
on my squeeze box for its "vga" option that allows me to get a different
hardware-level text mode than 80x25.  grub version 1 (used by Lenny)
supports that, but grub version 2 (used by Squeeze) does not.
(Although I think I remember seeing a recent post to this list
that indicated that grub version 2 had recently been enhanced to support
the equivalent of the vga option.)

Anyway, I switched to lilo;
it solved my problem; and I was happy.  I've never looked back.
I'll probably continue to use lilo unless and until I have a
compelling reason to switch to something else.  For me, it "just works".

-- 
  .''`.     Stephen Powell    <zlinuxman@wowway.com>
 : :'  :
 `. `'`
   `-
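
An added example, not part of the original message: a shell check that separates the two kinds of read-only the message contrasts, a read-only mount that root can undo with a remount and a block device the kernel itself marks read-only. The function name `boot_protection` and its optional fixture arguments are assumptions made for this sketch, and the sysfs flag is only the guest kernel's view, so a disk that the hypervisor write-protects without telling the guest can still show 0 here.

```shell
#!/bin/sh
# Classify how a mountpoint (default /boot) is write-protected.
# Usage: boot_protection [mountpoint] [mounts_file] [sysfs_block_dir]
# The defaults read the live system; the extra arguments let the function
# be run against constructed fixture files.
boot_protection() {
    mp=${1:-/boot}
    mounts=${2:-/proc/mounts}
    sysblk=${3:-/sys/class/block}

    # /proc/mounts fields: device mountpoint fstype options dump pass.
    # Keep the last matching line, since a later mount hides earlier ones.
    line=$(awk -v mp="$mp" '$2 == mp { l = $1 " " $4 } END { print l }' "$mounts")
    [ -n "$line" ] || { echo "not-mounted"; return 0; }
    dev=${line%% *}
    opts=${line#* }

    # Mount-level flag: match "ro" as a whole option, so that
    # "errors=remount-ro" is not mistaken for a read-only mount.
    case ",$opts," in
        *,ro,*) mount_ro=1 ;;
        *)      mount_ro=0 ;;
    esac

    # Block-layer flag: 1 means the kernel rejects writes to the device.
    ro_file="$sysblk/$(basename "$dev")/ro"
    if [ -r "$ro_file" ]; then
        dev_ro=$(cat "$ro_file")
    else
        dev_ro=unknown
    fi

    if [ "$dev_ro" = 1 ]; then
        echo "device-read-only"   # "mount -o remount,rw" alone does not lift this
    elif [ "$mount_ro" = 1 ]; then
        echo "mount-read-only"    # root can undo this with "mount -o remount,rw"
    else
        echo "writable"
    fi
}
```

Call `boot_protection` with no arguments to check the running system's /boot.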