Between Tuesday 23rd and Wednesday 24th there was, apparently a change in grub/grub2 that triggered the heads boot guard to show an alert.
I don’t remember if I updated dom0 as I use 2 machines, one with Qubes 4.1 which I update dom0 a lot and one with 4.0 - the one with the heads alert.
How can I check a change log to see if the change was expected or genuine tampering (admittedly unlikely but there’s no point using heads if you’re going to ignore it’s warnings).
In /var/log there’s a README that suggests looking in /var/log/journal but there’s masses of info there, way too long to read through all of it - thousands of pages per day.
Does anyone know if there was a legitimate change over that time period that would give the warning, ‘change to grub/grub2’ or words to that effect or where I can find out?
This is on a Librem mini v2 running 4.0.4.
Any ideas gratefully received,
thanks,
well, just recreate (or reset? i don’t remember) the tamper alert or something like that
that because updating the grub2 mean it change thing in the “boot stuff” to be able to fix bug, new feature, etc. and head alert when there something change in “boot stuff”
Between Tuesday 23rd and Wednesday 24th there was, apparently a change in grub/grub2 that triggered the heads boot guard to show an alert.
sudo dnf history list
… will show you a list of all transactions with ID, Command, Date and time and what action it was / how much got altered.
sudo dnf history info 9
… will show you a detailed log of the changes done with e.g. transaction #9
In my case the last kernel update (and thereby change to grub) happened 2021-11-22 (kernel 5.4.156 and 4.19.213). This might be what triggered your alert.
@ppc: I struggle to see how your comment is helpful. The OP made clear they want to investigate the reason before clearing the tamper alert. How does your comment add anything of value to the conversation?
Thanks Sven, that looks like the answer. Much appreciated. 
@ppc I have to agree with @Sven here … Your post is not addressing the OPs questions and is merely stating the obvious. Please ensure to abide by CoC and discussion guidelines to ensure discussion spaces are “friendly, productive places where information and ideas are exchanged for the mutual benefit of all.”