On 10/20/25 05:57, killermoehre wrote: > Am Samstag, dem 18.10.2025 um 21:49 -0400 schrieb Demi Marie Obenour: > >> This isn't systemd-specific, but I know that at least some systemd >> developers recommend using UEFI secure boot + dm-verity, which leads >> to this problem. I also don't know a better place to ask for help >> on this. >> >> How do OSs using dm-verity and UKIs find the user data partition? >> On some systems it is trivial, as the storage device it must be on >> is known ahead of time. However, desktops and servers can have many >> storage devices or even use RAID, making this very nontrivial. >> >> Non-immutable OSs generally store this information in either the >> initramfs, root filesystem, or kernel command line. However, with >> signed UKIs and dm-verity both the initramfs and root filesystem are >> provided by the OS vendor and can't be changed. This means that one >> must load the user data partition to be able to read any data one >> has stored on disk, but one must read data stored by the installer >> to find the user data partition. Circular dependency, whoops. >> >> What is the standard solution to this problem, if any? The only one I >> have come up with is UEFI variable storage, but I'm curious if there >> are others. > > Hi Demi, > > first, you could check with the partition label, if you have control over the > system.
What do you mean by “have control over the system”? I need to support use-cases where there are other block devices, some of which might contain images of the same OS. > Also, there are defined [partition type > GUIDs](https://en.wikipedia.org/wiki/GUID_Partition_Table#Partition_type_GUIDs) > for different types of usage. You find also more information at > <https://www.freedesktop.org/software/systemd/man/latest/systemd-gpt-auto-generator.html> > and > <https://uapi-group.org/specifications/specs/discoverable_partitions_specification/>. That tells me which partition on a block device to mount, but not which block device to use. -- Sincerely, Demi Marie Obenour (she/her/hers)
OpenPGP_0xB288B55FFF9C22C1.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
