Skip to content

GrubCC binary integration#2223

Open
Johan-Liebert1 wants to merge 5 commits into
bootc-dev:mainfrom
Johan-Liebert1:grub-cc
Open

GrubCC binary integration#2223
Johan-Liebert1 wants to merge 5 commits into
bootc-dev:mainfrom
Johan-Liebert1:grub-cc

Conversation

@Johan-Liebert1
Copy link
Copy Markdown
Collaborator

@Johan-Liebert1 Johan-Liebert1 commented Jun 2, 2026

Add GrubCC (Grub ConfidentialClusters) as a new bootloader option. This
is a minimal version of grub that's supposed to work exactly like
systemd-boot

Fixes: #2212

@Johan-Liebert1 Johan-Liebert1 added the ci/merge Run full CI suite (all OSes) — equivalent to merge queue label Jun 2, 2026
@github-actions github-actions Bot added the area/install Issues related to `bootc install` label Jun 2, 2026
@bootc-bot bootc-bot Bot requested a review from jeckersb June 2, 2026 10:36
gemini-code-assist[bot]
gemini-code-assist Bot reviewed Jun 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces support for GrubCC (Grub for Confidential Clusters) as a bootloader option, updating the Dockerfile to fetch the grub-cc RPM and adapting boot setup, status, rollback, and update validation logic across the codebase. The review comments identify several critical issues: the grub-cc download in the Dockerfile needs to be guarded for x86_64 and use curl -f to prevent silent failures; the deletion of boot/grub2 should check for existence first to avoid aborting the installation; the FromStr implementation for Bootloader must be updated to parse "grub-cc"; and the EFI loader info check for "GRUB CC" should be case-insensitive for robustness.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread Dockerfile
Comment thread crates/lib/src/bootc_composefs/boot.rs
Comment thread crates/lib/src/spec.rs
Comment thread crates/lib/src/bootc_composefs/status.rs Outdated
@Johan-Liebert1
bootloader: Add GrubCC bootloader
55f54c8 
Add GrubCC (Grub ConfidentialClusters) as a new bootloader option. This
is a minimal version of grub that's supposed to work exactly like
systemd-boot

Fixes: bootc-dev#2212

Signed-off-by: Johan-Liebert1 <pragyanpoudyal41999@gmail.com>
@Johan-Liebert1 Johan-Liebert1 requested a review from cgwalters June 2, 2026 10:42
@Johan-Liebert1
ci: Add grub-cc to matrix
6b0e715 
Only run grub-cc tests for f45 for now

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
cgwalters
cgwalters reviewed Jun 2, 2026
View reviewed changes
Comment thread crates/lib/src/bootc_composefs/boot.rs
None,
)?;

// FIXME: Remove this hack once we have support in bootupd
Copy link
Copy Markdown
Collaborator

@cgwalters cgwalters Jun 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but it'd be clearer if this was in the conditional above right? Wouldn't bootupd bail in this scenario as is now?

Copy link
Copy Markdown
Collaborator Author

@Johan-Liebert1 Johan-Liebert1 Jun 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, bootupd will fail if it's only grub-cc, but another hack is that we don't remove grub from the Dockerfile currently. We keep it alongside the grub-cc binary. So bootupd installs grub, shim etc and afterwards we replace the grubx64.efi with grub-cc.efi. It's not clean

Comment thread crates/lib/src/bootc_composefs/delete.rs Outdated
@Johan-Liebert1
bootloader: Introduce BootloaderKind enum
751c2bb 
The two variants in this enum distinguish between Grub classic and BLS
compatible bootloader (GrubCC and SystemdBoot). This cleans up the
match statements where we perform the same op for GrubCC and SystemdBoot

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
@Johan-Liebert1
tests: Update tests for GrubCC
70d1006 
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
@Johan-Liebert1
Run just update-generated
7d4781a 
Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>
@github-actions github-actions Bot added the area/documentation Updates to the documentation label Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cgwalters cgwalters cgwalters left review comments

@jeckersb jeckersb Awaiting requested review from jeckersb

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

area/documentation Updates to the documentation area/install Issues related to `bootc install` ci/merge Run full CI suite (all OSes) — equivalent to merge queue

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[ComposeFS Backend] Integration with GrubCC bootloader

2 participants

@Johan-Liebert1 @cgwalters