Modifying Kernel Arguments

Modifying Kernel Arguments via Ignition

You can specify kernel arguments in a Butane config using the kernel_arguments section.

Example: Disabling all CPU vulnerability mitigations

Here’s an example kernelArguments section which switches mitigations=auto,nosmt to mitigations=off to disable all CPU vulnerability mitigations:

variant: fcos
version: 1.5.0
kernel_arguments:
  should_exist:
    - mitigations=off
  should_not_exist:
    - mitigations=auto,nosmt
yaml

Modifying Console Configuration During Bare Metal Install

coreos-installer has special support for changing the console configuration when performing a bare-metal installation. This functionality can be used to add console arguments to the kernel command line and equivalent parameters to the GRUB bootloader configuration. For more information, see Emergency Console Access. For more information about bare metal installs, see Installing CoreOS on Bare Metal.

Modifying Kernel Arguments on Existing Systems

Kernel arguments changes are managed by rpm-ostree via the rpm-ostree kargs subcommand. Changes are applied to a new deployment and a reboot is necessary for those to take effect.

Adding kernel arguments

You can append kernel arguments. An empty value for an argument is allowed:

$ sudo rpm-ostree kargs --append=KEY=VALUE
bash
Example: Add reserved memory for Kdump support
$ sudo rpm-ostree kargs --append='crashkernel=256M'
bash

Removing existing kernel arguments

You can delete a specific kernel argument key/value pair or an entire argument with a single key/value pair:

$ sudo rpm-ostree kargs --delete=KEY=VALUE
bash
Example: Re-enable SMT on vulnerable CPUs
$ sudo rpm-ostree kargs --delete=mitigations=auto,nosmt
bash
Example: Update an existing system from cgroupsv1 to cgroupsv2 and immediately reboot
$ sudo rpm-ostree kargs --delete=systemd.unified_cgroup_hierarchy --reboot
bash

Replacing existing kernel arguments

You can replace an existing kernel argument with a new value. You can directly use KEY=VALUE if only one value exists for that argument. Otherwise, you can specify the new value using the following format:

$ sudo rpm-ostree kargs --replace=KEY=VALUE=NEWVALUE
bash
Example: Disable all CPU vulnerability mitigations
$ sudo rpm-ostree kargs --replace=mitigations=auto,nosmt=off
bash

This switches mitigations=auto,nosmt to mitigations=off to disable all CPU vulnerability mitigations.

Interactive editing

To use an editor to modify the kernel arguments:

$ sudo rpm-ostree kargs --editor
bash