0 Replies Latest reply on Aug 31, 2020 11:07 PM by Avi Miller-Oracle

    NOTICE: Replacement build for Oracle Linux 7 kernel version 3.10.0-1127.19.1

    Avi Miller-Oracle

      Description

       

      The Red Hat Compatible Kernel (RHCK) version kernel-3.10.0-1127.19.1.el7.x86_64 was released to the Oracle yum servers on August 20, 2020, with a build error that resulted in an incorrect UEFI Secure Boot key. If the incorrect build of this kernel is installed, systems using UEFI Secure Boot will not be able to boot that version. Additionally, the incorrect build of 3.10.0-1127.19.1 will not properly apply Ksplice rebootless patches.

       

      RHCK kernel-3.10.0-1127.19.1.el7.x86_64 was re-released on August 24, 2020, signed with the correct Secure Boot key.

       

      If you synchronize content from ULN or yum.oracle.com using Spacewalk, the uln-yum-mirror tool, or a third-party solution, ensure that you resync your mirror of the "ol7_latest" and/or "ol7_u8_patch" channels after that date. This note details how to detect the incorrect build, and replace it with the correct build if it is installed on your system.

       

      Occurence

       

      This issue will occur if you have installed the kernel-3.10.0-1127.19.1.el7.x86_64 before August 24, 2020.

       

      Checking for this issue

       

      If you have this kernel version installed but have not yet rebooted, you can check for the presence of the problem with RPM metadata. The correct build will show:

       

      # TZ=UTC rpm -qi kernel-3.10.0-1127.19.1.el7.x86_64 | grep Build.Date
      Build Date : Sun Aug 23 18:07:35 2020
      

       

      If the RPM is not yet installed, you can also check the md5sum of the kernel RPM. The correct build will show:

       

      # md5sum kernel-3.10.0-1127.19.1.el7.x86_64.rpm
      d0f980f422389df88756177c9f2042f1 kernel-3.10.0-1127.19.1.el7.x86_64.rpm
      

       

      Only the "kernel" RPM needs to be replaced. Related RPMs such as "kernel-headers", "kernel-devel", "kernel-tools", or "kernel-tools-libs" do not require replacement.

       

      Workaround

       

      If the incorrect build is currently installed:

       

      Replace the incorrect build with the correct one, then check again with the "rpm -qi" command above.

       

      1. If the system has not yet rebooted into the new kernel, reinstall the correct build with:  # yum clean all
        # yum reinstall kernel-3.10.0-1127.19.1.el7
      2. If the system no longer boots, but there is a recent UEK, OR kernel 3.10.0-1127.18.2 installed:
        Boot into the alternate, correctly booting kernel
        Run:
        # yum clean all
        # yum reinstall kernel-3.10.0-1127.19.1.el7
      3. If the system no longer boots into any kernel from the grub boot menu:
        • Boot to UEFI menus  Note: This may require pressing a key such as F2 or F1 during boot, please see your hardware documentation.
        • In UEFI menus, disable Secure Boot but NOT UEFI
        • Boot into any kernel
        • Run: 
          # yum clean all
          # yum reinstall kernel-3.10.0-1127.19.1.el7
        • Reboot into UEFI menus again
        • Re-enable Secure Boot
        • Boot into the desired kernel

       

       

      For local YUM mirrors, please perform the following steps on your mirror server

       

      # yum clean all 
      # find /<mirror repo location>/ -name kernel-3.10.0-1127.19.1.el7*
      /<mirror repo location>/kernel-3.10.0-1127.19.1.el7.x86_64.rpm
      
      
      # rm -f /<mirror repo location>/kernel-3.10.0-1127.19.1.el7.x86_64.rpm
      # /usr/bin/reposync  --repoid=ol7_latest -p /<mirror repo location>/  --downloadcomps --download-metadata
      # createrepo /<mirror repo location>
      

       

      Also published as Oracle Linux: Replacement Build for OL7 Kernel 3.10.0-1127.19.1 (Doc ID 2704295.1) on My Oracle Support.