On Fri, Feb 23, 2018 at 04:06:32PM +0100, [ext] Jan Kiszka wrote:
> Hi all,
>
> for various purposes, including securing the boot process, we identified
> the requirement to query the last used boot path from within the booted
> system. That would also allow us, among other things, to remove the need
> for setting a specific rootfs in each ebg environment and rather derive
> it from that query inside an initramfs e.g.
>
> Options to provide this feature:
>
> a) add a command line tool that queries all ebg environments to figure
> out which one was last booted -> is the existing state space sufficient
> to derive that information?
If we modify the output of bg_printenv, the partition can be printed
together with the highest revision that is not in progress.
This way, no additional tool would be needed, for example:

    Current Revision: 7 (/dev/sda2)

This can easily be retrieved with grep.
>
> b) pass information which environment (partition?) ebg chose to the
> kernel it boots via
This is the environment with the highest revision which is not
in progress (already solved by a)
> b1) pseudo parameter to the kernel -> not nice as that pollutes the
> parameter namespace of the kernel binary
One can start the kernel with an initrd and root=/dev/ram0; this
way it should start with the initrd as root and the parameter
space is not polluted. Later on, the initrd can use the pivot_root
system call to move root to the value extracted from
bg_printenv.
However, currently not all systems use an initrd... for example, we
have none in some Yocto builds.
> b2) via some variable that gets resolved when building the kernel
> parameter string
This is even worse than giving a fixed parameter...
>
Andreas
> Any ideas, comments, suggestions on this?
>
> Jan
>
> --
> Siemens AG, Corporate Technology, CT RDA IOT SES-DE
> Corporate Competence Center Embedded Linux
>
> --
> You received this message because you are subscribed to the Google Groups
> "EFI Boot Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/efibootguard-dev/17592bad-af66-b7c7-062b-f64723457010%40siemens.com.
> For more options, visit https://groups.google.com/d/optout.
--
Andreas Reichel
Dipl.-Phys. (Univ.)
Software Consultant
[email protected], +49-174-3180074
TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring
Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller
Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082
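
Added example, not part of the original message and not EFI Boot Guard code: a strict initramfs-side parser for the "Current Revision: 7 (/dev/sda2)" line proposed in the reply above, which refuses ambiguous or malformed input instead of passing it on as the root device. The line format is only the proposal from this thread; the function name ebg_current_root and the set of allowed device-name characters are assumptions.

```shell
#!/bin/sh
# Added example. Input format is the one proposed in this thread, not a
# documented bg_printenv output format.

# Reads candidate bg_printenv output on stdin and prints the device path.
# Returns non-zero unless exactly one well-formed line is present.
ebg_current_root() {
    # Whole-line match: numeric revision, then a /dev/ path built only from
    # characters assumed safe for device names (no spaces, dots, quotes, ';').
    matches=$(grep -E '^Current Revision: [0-9]+ \(/dev/[A-Za-z0-9/_-]+\)$') || return 1

    # Two or more matching lines are ambiguous; refuse to guess.
    nl='
'
    case "$matches" in
        *"$nl"*) return 1 ;;
    esac

    # Strip everything up to "(" and the trailing ")".
    dev=${matches#*\(}
    dev=${dev%\)}

    # Reject empty path components and a trailing slash.
    case "$dev" in
        *//*|*/) return 1 ;;
    esac

    printf '%s\n' "$dev"
}

# Constructed sample input (not real tool output).
sample='ustate: 0
Current Revision: 7 (/dev/sda2)'
printf '%s\n' "$sample" | ebg_current_root
```

In an initramfs the returned path would still be checked with `[ -b "$dev" ]` before it is mounted and handed to pivot_root.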