On Di, 23.09.25 14:46, Itxaka Serrano Garcia ([email protected]) wrote:
> > > In our case it is due to needing to differentiate the "state", like we > > have > > > an active/passive/recovery but the actual content of the efi files are > > the > > > same (at least initially) so we identify them by checking the > > > LoaderEntrySelected efivar and compare that to our list. So a conf called > > > active.conf matches our active, and another marked as active-debug.conf > > > would match active but with debug. We need this as we run different > > things > > > depending on the entry you choose > > > > You can look into /run/systemd/stub/profile (after tmpfiles ran in the > > initrd) or /.extra/profile (before it ran), and it should tell you > > exactly which profile was booted. > > Yup this seems to work, but does it work only with multiprofile efi > files? what would you even put there on UKIs that have no profiles? > AFAIK what its there its the .profile section, but on single profile efi > files the .profile section is not needed, so its not backwards compatible > with older efi files, even if you were to create a .profile for single > profile efi files no? If the /run/systemd/stub/profile file doesn't exist it means "default profile selected". And a UKI without profiles is understood to be the same as one which just has one profile and that one is the default one. > In any case, the LoaderEntrySelected is the most compatible thing for this > and while I would love to move to a Type 2, which is immensely easier, > dealing with text files is much much simpler, for example to reset the boot > assesment counter, or change the order-id during runtime, which I think its > very important as we are talking signed+measured efi files, which means we > cant alter anything on them after their creation. Type 1 gives more > flexibility in this aspect IMHO. sd-boot style assesment counters work the same for type 1 and type 2? In type 1 case the .conf file is renamed, in type 2 case the .efi file is renamed? Lennart -- Lennart Poettering, Berlin
