[1668982776] Upstream Reporter: Jonathan Lebon
Upstream issue status: Open
Upstream description:

Currently, Fedora CoreOS (and in fact, all other rpm-ostree-based Fedora variants) do not update the EFI bootloader together with host updates. The reason for this is explained in greater details in [the bootupd README](https://github.com/coreos/bootupd) (see especially [the Q&A](https://github.com/coreos/bootupd/#questions-and-answers)). Recently, we've hit [more](https://github.com/coreos/fedora-coreos-tracker/issues/1441) and [more](https://github.com/coreos/fedora-coreos-tracker/issues/1452) issues related to stale bootloaders, to the point where it's becoming more urgent that we fix this gap.

The main blocker to have automatic bootloader updates is to make them safer in bootupd (related issues: https://github.com/coreos/bootupd/issues/440, https://github.com/coreos/bootupd/issues/454). Once it's deemed safe enough to turn on by default, we then need to integrate it into FCOS. Fedora IoT and Fedora Silverblue likely will also want this.