support bootupd for bootloader management/updates

[miabbott]

Is your feature request related to a problem? Please describe.

When we update Fedora IoT via rpm-ostree upgrade, the bootloader binaries remains unchanged due the fact that the ostree model does not cover changes to the bootloader. Thus, users need to manually intervene to workaround this limitation and ensure the GRUB + UEFI shim firmware are up-to-date.

Describe the solution you'd like

Fedora IoT should be produced in a way that allows the use of bootupd to update the bootloader successfully.

Describe alternatives you've considered

Current alternative is a manual intervention by the user to copy the GRUB + UEFI shim from the ostree commit to the /boot partition. See fedora-silverblue/issue-tracker#120 (comment)

Additional context

Supporting bootupd requires that Fedora IoT is built using "unified-core" mode, which is not yet supported by osbuild.

See also: https://gitlab.com/CentOS/cloud/issue-tracker/-/issues/6

[nullr0ute]

We looked at doing UC via the pungi/koji build (I think this is what SB uses) to be consumed by osbuild as a short term hack while the osbuild support landed. Not sure where we got there. Colin also said on our sync at one point that bootupd could be decoupled from UC.

[miabbott]

It should be possible to start using bootupd in IoT regardless of using unified-core mode to compose the ostree commit, but it is not clear how we go about enabling it.

Additional investigation will be required.

[miabbott]

Since Fedora IoT has switched to using unified-core for composes (see #7 ), we should be able to pursue enabling bootupd

If I look at how it was done for Silverblue (https://pagure.io/workstation-ostree-config/pull-request/403), the changes to the compose look pretty straight-forward: just the inclusion of the bootupd package and a postprocess script (https://pagure.io/workstation-ostree-config/blob/main/f/bootupd.yaml)

@paulwhalen is this something we can try in Rawhide? Do you think we need a Fedora Change for it?

[pcdubs]

@paulwhalen is this something we can try in Rawhide? Do you think we need a Fedora Change for it?

We've missed the change deadline for Fedora 40, but I don't think that prevents us from enabling it.

[miabbott]

Looks like the Silverblue enablement hit some snags - fedora-silverblue/issue-tracker#530

[pcdubs]

Enabled in Rawhide and included in Fedora-IoT-41-20240223.0

PR for f40

[pcdubs]

Enabled in F40 composes since Fedora-IoT-40-20240227.1

PR to add in osbuild/images.

[pcdubs]

This was later reverted due to issues with anaconda.

Still enabled in F41.

[miabbott]

From the bootupd docs about integrating with a distrobution, we have the first part of the puzzle in place:

https://pagure.io/fedora-iot/ostree/c/4ef41ffa05c6973590756ea4307d8899904e46b9?branch=main

The second part of the puzzle will probably require some changes to the osbuild code that generates the IoT disk images.