What were you trying to do that didn't work?

Apply updated boot options in /etc/default/grub with grub2-mkconfig

Please provide the package NVR for which bug is seen:

grub2-tools-2.06-70.el9_3.2.x86_64

How reproducible:

Every time grub2-mkconfig --update-bls-cmdline is run and there are escapes (i.e. backslashes) in GRUB_CMDLINE_LINUX

Steps to reproduce

1. Update the GRUB_CMDLINE_LINUX in /etc/default/grub with some directive which has special characters (particularly "&", since grub cannot read it) which are escaped. For example: 

1. cat /etc/default/grub
   GRUB_TIMEOUT=5
   GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
   GRUB_DEFAULT=saved
   GRUB_DISABLE_SUBMENU=true
   GRUB_TERMINAL_OUTPUT="console"
   GRUB_CMDLINE_LINUX="rd.lvm.lv=rhel/root debug boot=UUID=XXXX  ds=hostname-net\;s=https://someurl:port/url\&foo"
   GRUB_DISABLE_RECOVERY="true"
   GRUB_ENABLE_BLSCFG=true

2. Run "grub2-mkconfig --update-bls-cmdline -o /boot/grub2/grub.cfg"

3. The boot options in grub.cfg are escaped as expected, but the ones in the /boot/loader/entries files are not. For example:

$ less /boot/loader/entries/XXXX-5.14.0-284.30.1.el9_2.x86_64.conf

...
options root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/root boot=UUID=XXXX ds=hostname-net;s=https://someurl:port/url&foo

$ less /boot/grub2/grub.cfg

...

1. the kernelopts variable in the grubenv file and the fallback kernelopts variable.
   if [ -z "${kernelopts}" ]; then
    set kernelopts="root=/dev/mapper/rhel-root ro rd.lvm.lv=rhel/root boot=UUID=XXXX ds=hostname-net\;s=https://someurl:port/url\&foo"
   fi

Expected results

The boot options placed in /boot/loader/entries files should include escapes like the ones in grub.cfg.

Actual results

Escapes are lost when options are copied into blscfg entries.