Dear Devs,

this series changes how configuration environments are located. By that, accidental collisions with environments from other media (e.g. USB drives) can be avoided. For the recovery use-case, we provide an option to override this. In addition, this is a first step towards integrating with the systemd boot loader interface.

The core idea is to forward the boot device information from the bootloader to the userspace libraries by using EFI variables. This is required, as properly locating the block device of the config partitions is tricky, just based on the device the rootfs is on. Consider the following situations:

- rootfs on different disk
- rootfs on device mapper or mdadm

As we want to stick to the systemd boot loader interface, we do not forward the UUIDs of the config envs, but just of the partition the loader was started from (this information is provided by EFI). Usually this is the UUID of the ESP. In userspace, we then resolve the backing / parent device of the ESP. This is trivial, as both partitions need to reside on the same device. Once we have that information, we can limit the probing to that device.

Best regards,
Felix Moessbauer
Siemens AG

Felix Moessbauer (3):
  efi: implement systemd boot loader interface
  libebgenv: only probe config on root dev (opt-out)
  ebg tools: add option to search on all devices

 Makefile.am                     |  2 +
 docs/API.md                     |  3 ++
 env/env_api.c                   | 19 +++++--
 env/env_api_fat.c               |  4 +-
 env/env_config_partitions.c     | 90 +++++++++++++++++++++++++++++++--
 include/ebgenv.h                |  9 ++++
 include/ebgpart.h               |  2 +-
 include/env_api.h               |  2 +-
 include/env_config_partitions.h |  2 +-
 include/loader_interface.h      | 25 +++++++++
 kernel-stub/main.c              | 11 ++++
 loader_interface.c              | 64 +++++++++++++++++++++++
 main.c                          | 12 +++++
 tools/bg_envtools.c             |  4 ++
 tools/bg_envtools.h             |  4 ++
 tools/bg_printenv.c             |  7 ++-
 tools/bg_setenv.c               |  8 ++-
 tools/ebgpart.c                 | 27 ++++++----
 18 files changed, 271 insertions(+), 24 deletions(-)
 create mode 100644 include/loader_interface.h
 create mode 100644 loader_interface.c

--
2.39.2
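The userspace lookup described in the cover letter, as an added example that is not part of the series and not EFI Boot Guard code: it decodes the systemd boot loader interface variable LoaderDevicePartUUID as exposed by efivarfs, then resolves the disk that holds that partition through sysfs. The function names and the udev/sysfs paths used in main() are assumptions of this example; the series may implement the lookup differently.

```c
#define _DEFAULT_SOURCE /* for realpath() */
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define EFIVAR "/sys/firmware/efi/efivars/LoaderDevicePartUUID-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"

/* Added example, not EFI Boot Guard code. efivarfs payload: 4 attribute bytes, then
 * UTF-16LE text. Only hex digits and '-' pass, so the result is safe in a path. */
int decode_partuuid(const unsigned char *buf, size_t len, char *out, size_t outlen)
{
    size_t n = 0;
    if (len < 4 || ((len - 4) & 1) || outlen == 0) return -1;
    for (size_t i = 4; i + 1 < len && (buf[i] | buf[i + 1]); i += 2) { /* stop at NUL */
        unsigned c = buf[i] | ((unsigned)buf[i + 1] << 8);
        if (c > 0x7f || !(isxdigit((int)c) || c == '-') || n + 1 >= outlen) return -1;
        out[n++] = (char)tolower((int)c); /* by-partuuid names are lowercase */
    }
    out[n] = '\0';
    return n == 36 ? 0 : -1;
}

/* syspath: canonical sysfs dir of a partition (".../block/sda/sda1"); its parent dir names the disk. */
int parent_disk(const char *syspath, char *out, size_t outlen)
{
    const char *last = strrchr(syspath, '/');
    if (!last || last == syspath || last[1] == '\0') return -1;
    const char *prev = last - 1;
    while (prev > syspath && *prev != '/') prev--;
    size_t n = (size_t)(last - prev - 1);
    if (*prev != '/' || n == 0 || n >= outlen) return -1;
    snprintf(out, outlen, "%.*s", (int)n, prev + 1);
    return 0;
}

int main(void)
{
    unsigned char raw[128]; char uuid[37], link[96], dev[PATH_MAX], sys[PATH_MAX], disk[64];
    FILE *f = fopen(EFIVAR, "rb");
    size_t len = f ? fread(raw, 1, sizeof raw, f) : 0;
    if (f) fclose(f);
    if (decode_partuuid(raw, len, uuid, sizeof uuid)) return 1;
    snprintf(link, sizeof link, "/dev/disk/by-partuuid/%s", uuid);
    if (!realpath(link, dev)) return 1;
    snprintf(link, sizeof link, "/sys/class/block/%s", strrchr(dev, '/') + 1);
    if (!realpath(link, sys) || parent_disk(sys, disk, sizeof disk)) return 1;
    printf("probe config partitions on /dev/%s only\n", disk);
    return 0;
}
```

Because the variable can be written by anything that ran before the OS, the decoder rejects any character other than hex digits and '-' before the value is used to build a /dev path.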
