Are these changes to ./grub2/grubenv after running backup concerning, or inane?

I’ve got HEADS bios which alerts me to changes in /boot files. I had a fresh Qubes 4.1 install with no internet connectivity, and I booted it up, shut it down, no /boot changes.

Then I booted it up and ran the backup and created a Debian Qube to send those backups. On restart I was informed there were changes in ./grub2/grubenv. This happened on two separate installations. When I cat the file, it says the following:

#GRUB Environment Block
saved_entry=gnulinux-advanced-ed56b049-bc17-47c9-8879-0bc0aef5bbbd>xen-hypervisor-4.14.3-ed56b049-bc16-47c9-8879-0bc0aef5bbdb>xen-gnulinux-5.10.90-1.fc32.qubes.x86_64-advanced-ed56b049-bc17-47c9-8879-0bc0aef5bbdb
boot_success=1
######################################################################################################################################################################################################################/boot/grub2

My understanding of Grubenv is that it is an environmental block that saves some basic information about the boot, like preferences etc. Is this accurate, and is there anything in that file that might be of concern from say a firmware attack? It looks inane, maybe just conveying information about the boot.

I’m trying to better understand some of these things, but extensive googling didn’t reveal enough information about grubenv to consider this post unnecessary.


It’s fine - a standard env block


Great. I assumed so, just wanted to be sure and respect the process of investigating alerts from HEADS.

Appreciate your response & work. I’ll keep donating!


Hi, I have a similar problem and I do not understand what a standard env block means in this case.

I am running Qubes together with Heads, which can notify me if there is a change in the files inside the /boot section. I installed Qubes R4.2 on a machine, logged in the first time via “boot options > ignore tampering” inside Heads to set installation options like default Qubes etc., and afterwards turned it off and on again to own the states inside Heads. After re-ownership, I signed the contents of /boot and logged in to the OS. I restarted the machine without connecting to the internet, and verification of the boot content was successful. The 2nd time, I turned on the machine, connected to the internet, waited for 10 minutes and turned it off again. After this, Heads tells me that /boot/grub2/grubenv has changed. Any reason for such a change? I do not understand why grubenv didn’t change just after the first restart and only changed after the second, when I connected to the internet.

I found out that other people have come across a similar problem (here and here also), but nobody answered in a way that lets me understand why such a change happens in a “random” way. Also, as this happened to my machine just after only connecting to the internet (without doing any updates of VMs or dom0), it seems a bit off.
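
For triaging a Heads alert on /boot/grub2/grubenv like the ones in this thread, the following added example (not written by any poster, and not Heads or Qubes project code) parses two copies of the environment block and reports which variables differ. It assumes you kept a copy of the file from when /boot was signed; the function names and the `BOOKKEEPING` set are hypothetical, and the sample blocks are constructed.

```python
"""Added example: compare two copies of /boot/grub2/grubenv variable by variable."""
SIGNATURE = b"# GRUB Environment Block\n"  # first line of every GRUB env block
BLOCK_SIZE = 1024                          # GRUB writes the file at a fixed size, '#'-padded
# Assumption (local policy, not from the thread): variables treated as boot bookkeeping.
BOOKKEEPING = {"boot_success"}


def parse_grubenv(raw: bytes) -> dict:
    """Return the name=value pairs of an environment block, rejecting malformed files."""
    if len(raw) != BLOCK_SIZE:
        raise ValueError(f"unexpected size {len(raw)}, expected {BLOCK_SIZE}")
    if not raw.startswith(SIGNATURE):
        raise ValueError("missing GRUB environment block signature")
    env = {}
    for line in raw[len(SIGNATURE):].split(b"\n"):
        if not line or line.startswith(b"#"):   # blank line, comment or '#' padding
            continue
        name, sep, value = line.partition(b"=")
        if not sep:
            raise ValueError(f"line is not name=value: {line[:40]!r}")
        env[name.decode()] = value.decode()
    return env


def diff_env(old: dict, new: dict) -> dict:
    """Map each added, removed or changed variable to its (old, new) values."""
    return {k: (old.get(k), new.get(k))
            for k in sorted(old.keys() | new.keys()) if old.get(k) != new.get(k)}


def needs_review(changes: dict) -> list:
    """Changed variables outside BOOKKEEPING, e.g. saved_entry (the saved menu entry)."""
    return [k for k in changes if k not in BOOKKEEPING]


def make_block(pairs: dict) -> bytes:
    """Build a constructed sample block (stand-in for a real grubenv copy)."""
    body = SIGNATURE + b"".join(f"{k}={v}\n".encode() for k, v in pairs.items())
    return body + b"#" * (BLOCK_SIZE - len(body))


if __name__ == "__main__":
    # Constructed samples: the copy that was signed, and the copy after the alert.
    signed = parse_grubenv(make_block({"saved_entry": "constructed-entry-id"}))
    current = parse_grubenv(make_block({"saved_entry": "constructed-entry-id",
                                        "boot_success": "1"}))
    changes = diff_env(signed, current)
    print("changed:", changes)
    print("needs review:", needs_review(changes))
```

On real files, pass the bytes of each copy (read in binary mode) to `parse_grubenv` in place of the `make_block` samples.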