From d02b9b42654a8aaa760d9a7c8ea0af179acfd36d Mon Sep 17 00:00:00 2001
From: Andy Holtzmann <aholtzmann@equinix.com>
Date: Tue, 24 May 2022 11:02:52 -0600
Subject: [PATCH 1/2] remove autologin

having autologin on the kernel args goes against security best practices. It leaves the terminal logged in on a privileged user.
---
 coreos-base/oem-packet/files/grub.cfg | 1 -
 1 file changed, 1 deletion(-)

diff --git a/coreos-base/oem-packet/files/grub.cfg b/coreos-base/oem-packet/files/grub.cfg
index dbd914a92c9..d8a9e55173d 100644
--- a/coreos-base/oem-packet/files/grub.cfg
+++ b/coreos-base/oem-packet/files/grub.cfg
@@ -1,7 +1,6 @@
 # Flatcar GRUB settings
 
 set oem_id="packet"
-set linux_append="flatcar.autologin"
 
 if [ "$grub_cpu" = i386 ]; then
     set gfxpayload="1024x768x8,1024x768"

From a01f6ed5f4395eaed10487a2f051ffdecee8fc08 Mon Sep 17 00:00:00 2001
From: Andy Holtzmann <aholtzmann@equinix.com>
Date: Tue, 24 May 2022 11:09:34 -0600
Subject: [PATCH 2/2] Create 2022-5-24-remove-autologin-for-packet-oem.md

---
 changelog/security/2022-5-24-remove-autologin-for-packet-oem.md | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog/security/2022-5-24-remove-autologin-for-packet-oem.md

diff --git a/changelog/security/2022-5-24-remove-autologin-for-packet-oem.md b/changelog/security/2022-5-24-remove-autologin-for-packet-oem.md
new file mode 100644
index 00000000000..f4569b8d310
--- /dev/null
+++ b/changelog/security/2022-5-24-remove-autologin-for-packet-oem.md
@@ -0,0 +1 @@
+* Remove `flatcar.autologin` as a default kernel argument for best practices on packet-oem overlay.