In order to protect any sensitive data on my work laptop, I use full-drive encryption. To aid recovery in case of theft, it normally boots to a honeypot installation of Windows with Prey installed. To boot into Linux, one must use a USB boot disk[1] which contains the contents of /boot.

Once in a while, it is necessary to upgrade the kernel. I don't do this very often, so it seems like the sort of process which should be documented.

  1. Mount /boot read-write: `mount -o rw /boot`
    I generally have /boot mounted read-only, in part because I don't usually have the thumbdrive plugged in (I don't boot very often, after all), and to ensure I don't accidentally make changes to it without being prepared to undergo this full process.
  2. Install kernel updates: `sudo aptitude full-upgrade`
  3. Reboot. Pray it works.
  4. Insert backup boot disk. (Just in case the thumbdrive on my keychain goes bad or gets lost.)
  5. Copy files from the updated boot disk to the backup: `rsync -av /boot /media/usb2`
  6. Remove the original boot disk. This will help prevent unfortunate mistakes.
  7. Alter grub.cfg of backup boot disk to refer to the proper UUID: `sudo sed -i s/$UUID_OF_BOOT/$UUID_OF_BACKUP/ grub/grub.cfg`
    `blkid` comes in handy for finding the relevant UUIDs.
  8. Reboot. Pray it works.

Assuming both boot disks successfully boot the machine with the updated kernel, congratulations! You have successfully updated the kernel!

[1] It's not quite as much a waste of a thumbdrive as you might think. The sticks have a FAT partition of ~90% or so of the advertised capacity, so they can still be used to transfer files between computers or for data storage.

Date: 2013-May-30, Thursday 03:08 (UTC)
From: (Anonymous)
In this article you mention booting from a usb device containg /boot partition I've scoured google and have yet to find any referance to this process other than your blog. I was looking fora tutorial todo such a thing and was wondering if you would mind putting together some kimd of instructions. Thanks in advance. Regards Barry

