1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 #include <linux/magic.h>
9 #include "alloc-util.h"
10 #include "blkid-util.h"
12 #include "conf-files.h"
14 #include "device-nodes.h"
19 #include "parse-util.h"
20 #include "path-util.h"
21 #include "stat-util.h"
22 #include "string-util.h"
26 static void boot_entry_free(BootEntry
*entry
) {
33 free(entry
->show_title
);
35 free(entry
->machine_id
);
36 free(entry
->architecture
);
37 strv_free(entry
->options
);
40 strv_free(entry
->initrd
);
41 free(entry
->device_tree
);
44 static int boot_entry_load(
49 _cleanup_(boot_entry_free
) BootEntry tmp
= {};
50 _cleanup_fclose_
FILE *f
= NULL
;
59 c
= endswith_no_case(path
, ".conf");
61 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Invalid loader entry filename: %s", path
);
64 tmp
.id
= strndup(b
, c
- b
);
68 tmp
.path
= strdup(path
);
72 tmp
.root
= strdup(root
);
76 f
= fopen(path
, "re");
78 return log_error_errno(errno
, "Failed to open \"%s\": %m", path
);
81 _cleanup_free_
char *buf
= NULL
, *field
= NULL
;
84 r
= read_line(f
, LONG_LINE_MAX
, &buf
);
88 return log_error_errno(r
, "%s:%u: Line too long", path
, line
);
90 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
94 if (IN_SET(*strstrip(buf
), '#', '\0'))
98 r
= extract_first_word(&p
, &field
, " \t", 0);
100 log_error_errno(r
, "Failed to parse config file %s line %u: %m", path
, line
);
104 log_warning("%s:%u: Bad syntax", path
, line
);
108 if (streq(field
, "title"))
109 r
= free_and_strdup(&tmp
.title
, p
);
110 else if (streq(field
, "version"))
111 r
= free_and_strdup(&tmp
.version
, p
);
112 else if (streq(field
, "machine-id"))
113 r
= free_and_strdup(&tmp
.machine_id
, p
);
114 else if (streq(field
, "architecture"))
115 r
= free_and_strdup(&tmp
.architecture
, p
);
116 else if (streq(field
, "options"))
117 r
= strv_extend(&tmp
.options
, p
);
118 else if (streq(field
, "linux"))
119 r
= free_and_strdup(&tmp
.kernel
, p
);
120 else if (streq(field
, "efi"))
121 r
= free_and_strdup(&tmp
.efi
, p
);
122 else if (streq(field
, "initrd"))
123 r
= strv_extend(&tmp
.initrd
, p
);
124 else if (streq(field
, "devicetree"))
125 r
= free_and_strdup(&tmp
.device_tree
, p
);
127 log_notice("%s:%u: Unknown line \"%s\", ignoring.", path
, line
, field
);
131 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
135 tmp
= (BootEntry
) {};
139 void boot_config_free(BootConfig
*config
) {
144 free(config
->default_pattern
);
145 free(config
->timeout
);
146 free(config
->editor
);
147 free(config
->auto_entries
);
148 free(config
->auto_firmware
);
150 free(config
->entry_oneshot
);
151 free(config
->entry_default
);
153 for (i
= 0; i
< config
->n_entries
; i
++)
154 boot_entry_free(config
->entries
+ i
);
155 free(config
->entries
);
158 static int boot_loader_read_conf(const char *path
, BootConfig
*config
) {
159 _cleanup_fclose_
FILE *f
= NULL
;
166 f
= fopen(path
, "re");
171 return log_error_errno(errno
, "Failed to open \"%s\": %m", path
);
175 _cleanup_free_
char *buf
= NULL
, *field
= NULL
;
178 r
= read_line(f
, LONG_LINE_MAX
, &buf
);
182 return log_error_errno(r
, "%s:%u: Line too long", path
, line
);
184 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
188 if (IN_SET(*strstrip(buf
), '#', '\0'))
192 r
= extract_first_word(&p
, &field
, " \t", 0);
194 log_error_errno(r
, "Failed to parse config file %s line %u: %m", path
, line
);
198 log_warning("%s:%u: Bad syntax", path
, line
);
202 if (streq(field
, "default"))
203 r
= free_and_strdup(&config
->default_pattern
, p
);
204 else if (streq(field
, "timeout"))
205 r
= free_and_strdup(&config
->timeout
, p
);
206 else if (streq(field
, "editor"))
207 r
= free_and_strdup(&config
->editor
, p
);
208 else if (streq(field
, "auto-entries"))
209 r
= free_and_strdup(&config
->auto_entries
, p
);
210 else if (streq(field
, "auto-firmware"))
211 r
= free_and_strdup(&config
->auto_firmware
, p
);
212 else if (streq(field
, "console-mode"))
213 r
= free_and_strdup(&config
->console_mode
, p
);
215 log_notice("%s:%u: Unknown line \"%s\", ignoring.", path
, line
, field
);
219 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
225 static int boot_entry_compare(const BootEntry
*a
, const BootEntry
*b
) {
226 return str_verscmp(a
->id
, b
->id
);
229 static int boot_entries_find(
235 _cleanup_strv_free_
char **files
= NULL
;
236 size_t n_allocated
= *n_entries
;
246 r
= conf_files_list(&files
, ".conf", NULL
, 0, dir
, NULL
);
248 return log_error_errno(r
, "Failed to list files in \"%s\": %m", dir
);
250 STRV_FOREACH(f
, files
) {
251 if (!GREEDY_REALLOC0(*entries
, n_allocated
, *n_entries
+ 1))
254 r
= boot_entry_load(root
, *f
, *entries
+ *n_entries
);
263 typesafe_qsort(*entries
, *n_entries
, boot_entry_compare
);
268 static bool find_nonunique(BootEntry
*entries
, size_t n_entries
, bool *arr
) {
270 bool non_unique
= false;
272 assert(entries
|| n_entries
== 0);
273 assert(arr
|| n_entries
== 0);
275 for (i
= 0; i
< n_entries
; i
++)
278 for (i
= 0; i
< n_entries
; i
++)
279 for (j
= 0; j
< n_entries
; j
++)
280 if (i
!= j
&& streq(boot_entry_title(entries
+ i
),
281 boot_entry_title(entries
+ j
)))
282 non_unique
= arr
[i
] = arr
[j
] = true;
287 static int boot_entries_uniquify(BootEntry
*entries
, size_t n_entries
) {
293 assert(entries
|| n_entries
== 0);
295 /* Find _all_ non-unique titles */
296 if (!find_nonunique(entries
, n_entries
, arr
))
299 /* Add version to non-unique titles */
300 for (i
= 0; i
< n_entries
; i
++)
301 if (arr
[i
] && entries
[i
].version
) {
302 r
= asprintf(&s
, "%s (%s)", boot_entry_title(entries
+ i
), entries
[i
].version
);
306 free_and_replace(entries
[i
].show_title
, s
);
309 if (!find_nonunique(entries
, n_entries
, arr
))
312 /* Add machine-id to non-unique titles */
313 for (i
= 0; i
< n_entries
; i
++)
314 if (arr
[i
] && entries
[i
].machine_id
) {
315 r
= asprintf(&s
, "%s (%s)", boot_entry_title(entries
+ i
), entries
[i
].machine_id
);
319 free_and_replace(entries
[i
].show_title
, s
);
322 if (!find_nonunique(entries
, n_entries
, arr
))
325 /* Add file name to non-unique titles */
326 for (i
= 0; i
< n_entries
; i
++)
328 r
= asprintf(&s
, "%s (%s)", boot_entry_title(entries
+ i
), entries
[i
].id
);
332 free_and_replace(entries
[i
].show_title
, s
);
338 static int boot_entries_select_default(const BootConfig
*config
) {
343 if (config
->entry_oneshot
)
344 for (i
= config
->n_entries
- 1; i
>= 0; i
--)
345 if (streq(config
->entry_oneshot
, config
->entries
[i
].id
)) {
346 log_debug("Found default: id \"%s\" is matched by LoaderEntryOneShot",
347 config
->entries
[i
].id
);
351 if (config
->entry_default
)
352 for (i
= config
->n_entries
- 1; i
>= 0; i
--)
353 if (streq(config
->entry_default
, config
->entries
[i
].id
)) {
354 log_debug("Found default: id \"%s\" is matched by LoaderEntryDefault",
355 config
->entries
[i
].id
);
359 if (config
->default_pattern
)
360 for (i
= config
->n_entries
- 1; i
>= 0; i
--)
361 if (fnmatch(config
->default_pattern
, config
->entries
[i
].id
, FNM_CASEFOLD
) == 0) {
362 log_debug("Found default: id \"%s\" is matched by pattern \"%s\"",
363 config
->entries
[i
].id
, config
->default_pattern
);
367 if (config
->n_entries
> 0)
368 log_debug("Found default: last entry \"%s\"", config
->entries
[config
->n_entries
- 1].id
);
370 log_debug("Found no default boot entry :(");
372 return config
->n_entries
- 1; /* -1 means "no default" */
375 int boot_entries_load_config(
376 const char *esp_path
,
377 const char *xbootldr_path
,
378 BootConfig
*config
) {
386 p
= strjoina(esp_path
, "/loader/loader.conf");
387 r
= boot_loader_read_conf(p
, config
);
391 p
= strjoina(esp_path
, "/loader/entries");
392 r
= boot_entries_find(esp_path
, p
, &config
->entries
, &config
->n_entries
);
398 p
= strjoina(xbootldr_path
, "/loader/entries");
399 r
= boot_entries_find(xbootldr_path
, p
, &config
->entries
, &config
->n_entries
);
404 r
= boot_entries_uniquify(config
->entries
, config
->n_entries
);
406 return log_error_errno(r
, "Failed to uniquify boot entries: %m");
409 r
= efi_get_variable_string(EFI_VENDOR_LOADER
, "LoaderEntryOneShot", &config
->entry_oneshot
);
410 if (r
< 0 && r
!= -ENOENT
)
411 return log_error_errno(r
, "Failed to read EFI var \"LoaderEntryOneShot\": %m");
413 r
= efi_get_variable_string(EFI_VENDOR_LOADER
, "LoaderEntryDefault", &config
->entry_default
);
414 if (r
< 0 && r
!= -ENOENT
)
415 return log_error_errno(r
, "Failed to read EFI var \"LoaderEntryDefault\": %m");
418 config
->default_entry
= boot_entries_select_default(config
);
422 /********************************************************************************/
424 static int verify_esp_blkid(
428 uint64_t *ret_pstart
,
430 sd_id128_t
*ret_uuid
) {
432 sd_id128_t uuid
= SD_ID128_NULL
;
433 uint64_t pstart
= 0, psize
= 0;
437 _cleanup_(blkid_free_probep
) blkid_probe b
= NULL
;
438 _cleanup_free_
char *node
= NULL
;
442 r
= device_path_make_major_minor(S_IFBLK
, devid
, &node
);
444 return log_error_errno(r
, "Failed to format major/minor device path: %m");
447 b
= blkid_new_probe_from_filename(node
);
449 return log_error_errno(errno
?: SYNTHETIC_ERRNO(ENOMEM
), "Failed to open file system \"%s\": %m", node
);
451 blkid_probe_enable_superblocks(b
, 1);
452 blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
);
453 blkid_probe_enable_partitions(b
, 1);
454 blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
457 r
= blkid_do_safeprobe(b
);
459 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "File system \"%s\" is ambiguous.", node
);
461 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "File system \"%s\" does not contain a label.", node
);
463 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe file system \"%s\": %m", node
);
466 r
= blkid_probe_lookup_value(b
, "TYPE", &v
, NULL
);
468 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe file system type of \"%s\": %m", node
);
469 if (!streq(v
, "vfat"))
470 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
471 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
472 "File system \"%s\" is not FAT.", node
);
475 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_SCHEME", &v
, NULL
);
477 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition scheme of \"%s\": %m", node
);
478 if (!streq(v
, "gpt"))
479 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
480 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
481 "File system \"%s\" is not on a GPT partition table.", node
);
484 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_TYPE", &v
, NULL
);
486 return log_error_errno(errno
?: EIO
, "Failed to probe partition type UUID of \"%s\": %m", node
);
487 if (!streq(v
, "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"))
488 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
489 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
490 "File system \"%s\" has wrong type for an EFI System Partition (ESP).", node
);
493 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_UUID", &v
, NULL
);
495 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition entry UUID of \"%s\": %m", node
);
496 r
= sd_id128_from_string(v
, &uuid
);
498 return log_error_errno(r
, "Partition \"%s\" has invalid UUID \"%s\".", node
, v
);
501 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_NUMBER", &v
, NULL
);
503 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition number of \"%s\": m", node
);
504 r
= safe_atou32(v
, &part
);
506 return log_error_errno(r
, "Failed to parse PART_ENTRY_NUMBER field.");
509 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_OFFSET", &v
, NULL
);
511 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition offset of \"%s\": %m", node
);
512 r
= safe_atou64(v
, &pstart
);
514 return log_error_errno(r
, "Failed to parse PART_ENTRY_OFFSET field.");
517 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_SIZE", &v
, NULL
);
519 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition size of \"%s\": %m", node
);
520 r
= safe_atou64(v
, &psize
);
522 return log_error_errno(r
, "Failed to parse PART_ENTRY_SIZE field.");
528 *ret_pstart
= pstart
;
537 static int verify_esp_udev(
541 uint64_t *ret_pstart
,
543 sd_id128_t
*ret_uuid
) {
545 _cleanup_(sd_device_unrefp
) sd_device
*d
= NULL
;
546 _cleanup_free_
char *node
= NULL
;
547 sd_id128_t uuid
= SD_ID128_NULL
;
548 uint64_t pstart
= 0, psize
= 0;
553 r
= device_path_make_major_minor(S_IFBLK
, devid
, &node
);
555 return log_error_errno(r
, "Failed to format major/minor device path: %m");
557 r
= sd_device_new_from_devnum(&d
, 'b', devid
);
559 return log_error_errno(r
, "Failed to get device from device number: %m");
561 r
= sd_device_get_property_value(d
, "ID_FS_TYPE", &v
);
563 return log_error_errno(r
, "Failed to get device property: %m");
564 if (!streq(v
, "vfat"))
565 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
566 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
567 "File system \"%s\" is not FAT.", node
);
569 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_SCHEME", &v
);
571 return log_error_errno(r
, "Failed to get device property: %m");
572 if (!streq(v
, "gpt"))
573 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
574 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
575 "File system \"%s\" is not on a GPT partition table.", node
);
577 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_TYPE", &v
);
579 return log_error_errno(r
, "Failed to get device property: %m");
580 if (!streq(v
, "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"))
581 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
582 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
583 "File system \"%s\" has wrong type for an EFI System Partition (ESP).", node
);
585 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_UUID", &v
);
587 return log_error_errno(r
, "Failed to get device property: %m");
588 r
= sd_id128_from_string(v
, &uuid
);
590 return log_error_errno(r
, "Partition \"%s\" has invalid UUID \"%s\".", node
, v
);
592 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_NUMBER", &v
);
594 return log_error_errno(r
, "Failed to get device property: %m");
595 r
= safe_atou32(v
, &part
);
597 return log_error_errno(r
, "Failed to parse PART_ENTRY_NUMBER field.");
599 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_OFFSET", &v
);
601 return log_error_errno(r
, "Failed to get device property: %m");
602 r
= safe_atou64(v
, &pstart
);
604 return log_error_errno(r
, "Failed to parse PART_ENTRY_OFFSET field.");
606 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_SIZE", &v
);
608 return log_error_errno(r
, "Failed to get device property: %m");
609 r
= safe_atou64(v
, &psize
);
611 return log_error_errno(r
, "Failed to parse PART_ENTRY_SIZE field.");
616 *ret_pstart
= pstart
;
625 static int verify_esp(
628 bool unprivileged_mode
,
630 uint64_t *ret_pstart
,
632 sd_id128_t
*ret_uuid
) {
642 /* This logs about all errors, except:
644 * -ENOENT → if 'searching' is set, and the dir doesn't exist
645 * -EADDRNOTAVAIL → if 'searching' is set, and the dir doesn't look like an ESP
646 * -EACESS → if 'unprivileged_mode' is set, and we have trouble acessing the thing
649 relax_checks
= getenv_bool("SYSTEMD_RELAX_ESP_CHECKS") > 0;
651 /* Non-root user can only check the status, so if an error occured in the following, it does not cause any
652 * issues. Let's also, silence the error messages. */
655 if (statfs(p
, &sfs
) < 0)
656 /* If we are searching for the mount point, don't generate a log message if we can't find the path */
657 return log_full_errno((searching
&& errno
== ENOENT
) ||
658 (unprivileged_mode
&& errno
== EACCES
) ? LOG_DEBUG
: LOG_ERR
, errno
,
659 "Failed to check file system type of \"%s\": %m", p
);
661 if (!F_TYPE_EQUAL(sfs
.f_type
, MSDOS_SUPER_MAGIC
))
662 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
663 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
664 "File system \"%s\" is not a FAT EFI System Partition (ESP) file system.", p
);
667 if (stat(p
, &st
) < 0)
668 return log_full_errno((searching
&& errno
== ENOENT
) ||
669 (unprivileged_mode
&& errno
== EACCES
) ? LOG_DEBUG
: LOG_ERR
, errno
,
670 "Failed to determine block device node of \"%s\": %m", p
);
672 if (major(st
.st_dev
) == 0)
673 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
674 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
675 "Block device node of \"%s\" is invalid.", p
);
677 t2
= strjoina(p
, "/..");
680 return log_full_errno(unprivileged_mode
&& errno
== EACCES
? LOG_DEBUG
: LOG_ERR
, errno
,
681 "Failed to determine block device node of parent of \"%s\": %m", p
);
683 if (st
.st_dev
== st2
.st_dev
)
684 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
685 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
686 "Directory \"%s\" is not the root of the EFI System Partition (ESP) file system.", p
);
688 /* In a container we don't have access to block devices, skip this part of the verification, we trust
689 * the container manager set everything up correctly on its own. */
690 if (detect_container() > 0 || relax_checks
)
693 /* If we are unprivileged we ask udev for the metadata about the partition. If we are privileged we
694 * use blkid instead. Why? Because this code is called from 'bootctl' which is pretty much an
695 * emergency recovery tool that should also work when udev isn't up (i.e. from the emergency shell),
696 * however blkid can't work if we have no privileges to access block devices directly, which is why
697 * we use udev in that case. */
698 if (unprivileged_mode
)
699 return verify_esp_udev(st
.st_dev
, searching
, ret_part
, ret_pstart
, ret_psize
, ret_uuid
);
701 return verify_esp_blkid(st
.st_dev
, searching
, ret_part
, ret_pstart
, ret_psize
, ret_uuid
);
711 *ret_uuid
= SD_ID128_NULL
;
716 int find_esp_and_warn(
718 bool unprivileged_mode
,
721 uint64_t *ret_pstart
,
723 sd_id128_t
*ret_uuid
) {
727 /* This logs about all errors except:
729 * -ENOKEY → when we can't find the partition
730 * -EACCESS → when unprivileged_mode is true, and we can't access something
734 r
= verify_esp(path
, false, unprivileged_mode
, ret_part
, ret_pstart
, ret_psize
, ret_uuid
);
741 path
= getenv("SYSTEMD_ESP_PATH");
743 if (!path_is_valid(path
) || !path_is_absolute(path
))
744 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
745 "$SYSTEMD_ESP_PATH does not refer to absolute path, refusing to use it: %s",
748 /* Note: when the user explicitly configured things with an env var we won't validate the mount
749 * point. After all we want this to be useful for testing. */
753 FOREACH_STRING(path
, "/efi", "/boot", "/boot/efi") {
755 r
= verify_esp(path
, true, unprivileged_mode
, ret_part
, ret_pstart
, ret_psize
, ret_uuid
);
758 if (!IN_SET(r
, -ENOENT
, -EADDRNOTAVAIL
)) /* This one is not it */
762 /* No logging here */
779 static int verify_xbootldr_blkid(
782 sd_id128_t
*ret_uuid
) {
784 sd_id128_t uuid
= SD_ID128_NULL
;
787 _cleanup_(blkid_free_probep
) blkid_probe b
= NULL
;
788 _cleanup_free_
char *node
= NULL
;
792 r
= device_path_make_major_minor(S_IFBLK
, devid
, &node
);
794 return log_error_errno(r
, "Failed to format major/minor device path: %m");
796 b
= blkid_new_probe_from_filename(node
);
798 return log_error_errno(errno
?: SYNTHETIC_ERRNO(ENOMEM
), "Failed to open file system \"%s\": %m", node
);
800 blkid_probe_enable_partitions(b
, 1);
801 blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
804 r
= blkid_do_safeprobe(b
);
806 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "File system \"%s\" is ambiguous.", node
);
808 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "File system \"%s\" does not contain a label.", node
);
810 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe file system \"%s\": %m", node
);
813 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_SCHEME", &v
, NULL
);
815 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition scheme of \"%s\": %m", node
);
816 if (streq(v
, "gpt")) {
819 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_TYPE", &v
, NULL
);
821 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition type UUID of \"%s\": %m", node
);
822 if (!streq(v
, "bc13c2ff-59e6-4262-a352-b275fd6f7172"))
823 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
824 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
825 "File system \"%s\" has wrong type for extended boot loader partition.", node
);
828 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_UUID", &v
, NULL
);
830 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition entry UUID of \"%s\": %m", node
);
831 r
= sd_id128_from_string(v
, &uuid
);
833 return log_error_errno(r
, "Partition \"%s\" has invalid UUID \"%s\".", node
, v
);
835 } else if (streq(v
, "dos")) {
838 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_TYPE", &v
, NULL
);
840 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition type UUID of \"%s\": %m", node
);
841 if (!streq(v
, "0xea"))
842 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
843 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
844 "File system \"%s\" has wrong type for extended boot loader partition.", node
);
847 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
848 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
849 "File system \"%s\" is not on a GPT or DOS partition table.", node
);
858 static int verify_xbootldr(
861 bool unprivileged_mode
,
862 sd_id128_t
*ret_uuid
) {
871 relax_checks
= getenv_bool("SYSTEMD_RELAX_XBOOTLDR_CHECKS") > 0;
873 if (stat(p
, &st
) < 0)
874 return log_full_errno((searching
&& errno
== ENOENT
) ||
875 (unprivileged_mode
&& errno
== EACCES
) ? LOG_DEBUG
: LOG_ERR
, errno
,
876 "Failed to determine block device node of \"%s\": %m", p
);
878 if (major(st
.st_dev
) == 0)
879 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
880 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
881 "Block device node of \"%s\" is invalid.", p
);
883 t2
= strjoina(p
, "/..");
886 return log_full_errno(unprivileged_mode
&& errno
== EACCES
? LOG_DEBUG
: LOG_ERR
, errno
,
887 "Failed to determine block device node of parent of \"%s\": %m", p
);
889 if (st
.st_dev
== st2
.st_dev
)
890 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
891 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
892 "Directory \"%s\" is not the root of the XBOOTLDR file system.", p
);
894 /* In a container we don't have access to block devices, skip this part of the verification, we trust
895 * the container manager set everything up correctly on its own. Also skip the following verification
896 * for non-root user. */
897 if (detect_container() > 0 || unprivileged_mode
|| relax_checks
)
900 return verify_xbootldr_blkid(st
.st_dev
, searching
, ret_uuid
);
904 *ret_uuid
= SD_ID128_NULL
;
909 int find_xbootldr_and_warn(
911 bool unprivileged_mode
,
913 sd_id128_t
*ret_uuid
) {
917 /* Similar to find_esp_and_warn(), but finds the XBOOTLDR partition. Returns the same errors. */
920 r
= verify_xbootldr(path
, false, unprivileged_mode
, ret_uuid
);
927 path
= getenv("SYSTEMD_XBOOTLDR_PATH");
929 if (!path_is_valid(path
) || !path_is_absolute(path
))
930 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
931 "$SYSTEMD_XBOOTLDR_PATH does not refer to absolute path, refusing to use it: %s",
937 r
= verify_xbootldr("/boot", true, unprivileged_mode
, ret_uuid
);
942 if (!IN_SET(r
, -ENOENT
, -EADDRNOTAVAIL
)) /* This one is not it */
961 int find_default_boot_entry(
962 const char *esp_path
,
963 const char *xbootldr_path
,
965 const BootEntry
**e
) {
967 _cleanup_free_
char *esp_where
= NULL
, *xbootldr_where
= NULL
;
973 r
= find_esp_and_warn(esp_path
, false, &esp_where
, NULL
, NULL
, NULL
, NULL
);
977 r
= find_xbootldr_and_warn(xbootldr_path
, false, &xbootldr_where
, NULL
);
978 if (r
< 0 && r
!= -ENOKEY
)
981 r
= boot_entries_load_config(esp_where
, xbootldr_where
, config
);
983 return log_error_errno(r
, "Failed to load boot loader entries: %m");
985 if (config
->default_entry
< 0)
986 return log_error_errno(SYNTHETIC_ERRNO(ENOENT
),
987 "No boot loader entry suitable as default, refusing to guess.");
989 *e
= &config
->entries
[config
->default_entry
];
990 log_debug("Found default boot loader entry in file \"%s\"", (*e
)->path
);