When performing an image upgrade and Linux Kernel command-line option that should be passed via GRUB to the Linux Kernel are missing on the first boot. This is because when generating the GRUB command-line via the op-mode scripts the CLI nodes defining the options are not honored.
Reproduce
- Check setting (e.g. disable-mitigations) is enabled
vyos@vyos:~$ cat /proc/cmdline BOOT_IMAGE=/boot/1.4.1/vmlinuz boot=live rootdelay=5 noautologin net.ifnames=0 biosdevname=0 vyos-union=/boot/1.4.1 mitigations=off console=ttyS0,115200 console=tty0
- Upgrade image 1.4.1 -> 1.4.2
vyos@vyos:~$ add sys im /tmp/vyos-1.4.2-generic-amd64.iso The file is 454.000 MiB. [##############################################################################################################################################################################################################################################################################################################] 100% Validating signature Signature is valid Validating image checksums What would you like to name this image? (Default: 1.4.2) Would you like to set the new image as the default one for boot? [Y/n] An active configuration was found. Would you like to copy it to the new image? [Y/n] Copying configuration directory Would you like to copy SSH host keys? [Y/n] Copying SSH host keys Copying system image files Cleaning up Unmounting target filesystems Removing temporary files vyos@vyos:~$ reboot now
- Check if Kernel command-line parameter is presend -> fail
Welcome to VyOS! ┌── ┐ . VyOS 1.4.2 └ ──┘ sagitta * Documentation: https://docs.vyos.io/en/sagitta * Project news: https://blog.vyos.io * Bug reports: https://vyos.dev You can change this banner using "set system login banner post-login" command. VyOS is a free software distribution that includes multiple components, you can check individual component licenses under /usr/share/doc/*/copyright vyos@vyos:~$ cat /proc/cmdline BOOT_IMAGE=/boot/1.4.2/vmlinuz boot=live rootdelay=5 noautologin net.ifnames=0 biosdevname=0 vyos-union=/boot/1.4.2 console=ttyS0,115200 console=tty0
- Reboot again - and check Kernel command-line options -> found
vyos@vyos:~$ reboot now
Welcome to VyOS! ┌── ┐ . VyOS 1.4.2 └ ──┘ sagitta * Documentation: https://docs.vyos.io/en/sagitta * Project news: https://blog.vyos.io * Bug reports: https://vyos.dev You can change this banner using "set system login banner post-login" command. VyOS is a free software distribution that includes multiple components, you can check individual component licenses under /usr/share/doc/*/copyright Last login: Mon Apr 7 20:59:48 2025 from 172.16.33.104 vyos@vyos:~$ cat /proc/cmdline BOOT_IMAGE=/boot/1.4.2/vmlinuz boot=live rootdelay=5 noautologin net.ifnames=0 biosdevname=0 vyos-union=/boot/1.4.2 mitigations=off console=ttyS0,115200 console=tty0