marmarek
commented
1 year ago For the context, the bug that we're talking about here (https://github.com/QubesOS/qubes-issues/issues/7828) is not in the hypervisor itself, so backing up just xen.gz/xen.efi won't help. It's in /etc/xen/scripts/block.
Some possibility could be keeping old rpm packages before update. This way you could simply do sudo dnf downgrade <package>. There are a lot of details here (which version to keep, how long, where, etc)...
An alternative that exists already is to use installer rescue mode and downgrade specific package, using the one you have on the installer ISO already.
SurFlurer
How to file a helpful issue
The problem you're addressing (if any)
In some rare cases, a Xen bug will make all VMs don't boot. This is extremely fatal, since there's no visible way to fetch a proper version for dom0 to come back to normal. (maybe the installation ISO rescue mode will help?)
The solution you'd like
There are two ways to address the issue.
One is to always have an old Xen version backed up in dom0. Maybe some tools can be developed to automate the process. This option will be of less helpful if dom0 cannot boot.
The other is to have another folder in EFI partition (I suggest naming it qubes.old), and hopefully grub will detect it and add another EFI entry. This is useful when dom0 cannot boot. It is similar to how we handle kernel version now.
The value to a user, and who that user might be
Users are able to recover from Xen update failure much easier.