On Saturday, 18.10.2025 at 21:49 -0400, Demi Marie Obenour wrote:
> This isn't systemd-specific, but I know that at least some systemd developers recommend using UEFI secure boot + dm-verity, which leads to this problem. I also don't know a better place to ask for help on this.
>
> How do OSs using dm-verity and UKIs find the user data partition? On some systems it is trivial, as the storage device it must be on is known ahead of time. However, desktops and servers can have many storage devices or even use RAID, making this very nontrivial.
>
> Non-immutable OSs generally store this information in either the initramfs, root filesystem, or kernel command line. However, with signed UKIs and dm-verity both the initramfs and root filesystem are provided by the OS vendor and can't be changed. This means that one must load the user data partition to be able to read any data one has stored on disk, but one must read data stored by the installer to find the user data partition. Circular dependency, whoops.
>
> What is the standard solution to this problem, if any? The only one I have come up with is UEFI variable storage, but I'm curious if there are others.

Hi Demi,

First, you could check with the partition label, if you have control over the system. Also, there are defined [partition type GUIDs](https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs) for different types of usage. You can also find more information at <https://www.freedesktop.org/software/systemd/man/latest/systemd-gpt-auto-generator.html> and <https://uapi-group.org/specifications/specs/discoverable_partitions_specification/>.

BR
Silvio
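
Added example, not part of the original messages and not systemd's code: a sketch of type-GUID discovery as the linked specification describes it, where the data partition is chosen by GPT type on the disk the system booted from, so nothing has to be stored in the signed initramfs or the verity-protected root. The record layout, device names and the refuse-on-ambiguity policy are assumptions of this example, and the booted ESP is assumed to be known already.

```python
# Type GUIDs from the Discoverable Partitions Specification linked above.
ESP = "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"
HOME = "933ac7e1-2eb4-4f13-b844-0e14e2aef915"
VAR = "4d21b016-b534-45c2-a9fb-5c16e091fd2d"
NO_AUTO = 1 << 63  # GPT partition attribute bit 63: exclude from auto-discovery

# Constructed sample: two disks, the second carrying a look-alike /home.
SAMPLE = [
    {"dev": "nvme0n1p1", "disk": "nvme0n1", "type": ESP, "flags": 0},
    {"dev": "nvme0n1p3", "disk": "nvme0n1", "type": HOME, "flags": 0},
    {"dev": "nvme0n1p4", "disk": "nvme0n1", "type": VAR, "flags": NO_AUTO},
    {"dev": "sdb1", "disk": "sdb", "type": HOME.upper(), "flags": 0},
]


def find_data_partition(parts, boot_esp, wanted_type):
    """Return the device holding wanted_type on the disk we booted from, or None."""
    esp = next((p for p in parts if p["dev"] == boot_esp), None)
    if esp is None or esp["type"].lower() != ESP:
        raise ValueError(f"{boot_esp} is not an EFI System Partition")
    matches = [
        p["dev"] for p in parts
        if p["disk"] == esp["disk"]            # ignore every other disk
        and p["type"].lower() == wanted_type   # GUID text is case-insensitive
        and not p["flags"] & NO_AUTO           # honour the no-auto attribute
    ]
    if len(matches) > 1:
        # Policy of this example (an assumption): refuse rather than guess.
        raise LookupError(f"ambiguous: {matches}")
    return matches[0] if matches else None


if __name__ == "__main__":
    print(find_data_partition(SAMPLE, "nvme0n1p1", HOME))
```

Limiting the search to the boot disk is what keeps the look-alike partition on `sdb` from being selected.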
