I’ve got HEADS BIOS, which alerts me to changes in /boot files. I had a fresh Qubes 4.1 install with no internet connectivity, and I booted it up, shut it down, no /boot changes.
Then I booted it up and ran the backup and created a Debian qube to send those backups. On restart I was informed there were changes in ./grub2/grubenv. This happened on two separate installations. When I cat the file, it says the following:
#GRUB Environment Block
saved_entry=gnulinux-advanced-ed56b049-bc17-47c9-8879-0bc0aef5bbbd>xen-hypervisor-4.14.3-ed56b049-bc16-47c9-8879-0bc0aef5bbdb>xen-gnulinux-5.10.90-1.fc32.qubes.x86_64-advanced-ed56b049-bc17-47c9-8879-0bc0aef5bbdb
boot_success=1
######################################################################################################################################################################################################################/boot/grub2
My understanding of grubenv is that it is an environmental block that saves some basic information about the boot, like preferences etc. Is this accurate, and is there anything in that file that might be of concern from, say, a firmware attack? It looks inane, maybe just conveying information about the boot.
I’m trying to better understand some of these things, but extensive googling didn’t reveal enough information about grubenv to consider this post unnecessary.
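
One way to see exactly what changed between two copies of a grubenv file like the one shown above, as an added example that is not part of the original post and is not Heads or Qubes code. It assumes a copy of the file from before the change is available, and the allow-list of variable names is an assumption taken from the two variables in the posted file; the sample blocks are constructed.

```python
GRUBENV_SIZE = 1024  # GRUB's environment block is a fixed-size, '#'-padded file

# Assumption: only the variables visible in the posted file are expected to change.
EXPECTED_KEYS = {"saved_entry", "boot_success"}


def parse_grubenv(raw: bytes) -> dict:
    """Return the name=value pairs of an environment block; reject malformed data."""
    if len(raw) != GRUBENV_SIZE:
        raise ValueError(f"unexpected size {len(raw)}, want {GRUBENV_SIZE}")
    text = raw.decode("ascii")  # non-ASCII bytes raise (a ValueError subclass)
    variables = {}
    for line in text.split("\n"):
        if not line or line.startswith("#"):
            continue  # header comment or trailing '#' padding
        name, sep, value = line.partition("=")
        if not sep or not name:
            raise ValueError(f"line is not name=value: {line[:40]!r}")
        variables[name] = value
    return variables


def diff_grubenv(old: bytes, new: bytes) -> dict:
    """Map each changed variable to its (old, new) value; None means absent."""
    before, after = parse_grubenv(old), parse_grubenv(new)
    return {
        key: (before.get(key), after.get(key))
        for key in sorted(before.keys() | after.keys())
        if before.get(key) != after.get(key)
    }


def unexpected_changes(changes: dict) -> list:
    """Names of changed variables that are not on the allow-list."""
    return sorted(k for k in changes if k not in EXPECTED_KEYS)


def make_block(variables: dict) -> bytes:
    """Build a constructed sample block for the demonstration below."""
    body = "# GRUB Environment Block\n"
    body += "".join(f"{k}={v}\n" for k, v in variables.items())
    return body.encode("ascii").ljust(GRUBENV_SIZE, b"#")


# Constructed samples: an empty block, one like the post's, one with an extra variable.
OLD = make_block({})
NEW = make_block({"saved_entry": "constructed-menu-entry-id", "boot_success": "1"})
ODD = make_block({"boot_success": "1", "hypothetical_var": "x"})

if __name__ == "__main__":
    for label, blob in (("NEW", NEW), ("ODD", ODD)):
        changes = diff_grubenv(OLD, blob)
        print(label, changes, "unexpected:", unexpected_changes(changes))
```

To use it on real files, read both copies with `open(path, "rb").read()` and pass the bytes to `diff_grubenv`.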