1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <linux/magic.h>
10 #include "alloc-util.h"
11 #include "blkid-util.h"
12 #include "bootspec-fundamental.h"
14 #include "conf-files.h"
16 #include "device-nodes.h"
17 #include "dirent-util.h"
19 #include "efi-loader.h"
22 #include "errno-util.h"
25 #include "parse-util.h"
26 #include "path-util.h"
27 #include "pe-header.h"
28 #include "sort-util.h"
29 #include "stat-util.h"
30 #include "string-table.h"
31 #include "string-util.h"
33 #include "unaligned.h"
37 static void boot_entry_free(BootEntry
*entry
) {
45 free(entry
->show_title
);
47 free(entry
->machine_id
);
48 free(entry
->architecture
);
49 strv_free(entry
->options
);
52 strv_free(entry
->initrd
);
53 free(entry
->device_tree
);
56 static int boot_entry_load(
61 _cleanup_(boot_entry_free
) BootEntry tmp
= {
62 .type
= BOOT_ENTRY_CONF
,
65 _cleanup_fclose_
FILE *f
= NULL
;
74 c
= endswith_no_case(path
, ".conf");
76 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Invalid loader entry file suffix: %s", path
);
80 tmp
.id_old
= strndup(b
, c
- b
);
81 if (!tmp
.id
|| !tmp
.id_old
)
84 if (!efi_loader_entry_name_valid(tmp
.id
))
85 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Invalid loader entry name: %s", tmp
.id
);
87 tmp
.path
= strdup(path
);
91 tmp
.root
= strdup(root
);
95 f
= fopen(path
, "re");
97 return log_error_errno(errno
, "Failed to open \"%s\": %m", path
);
100 _cleanup_free_
char *buf
= NULL
, *field
= NULL
;
103 r
= read_line(f
, LONG_LINE_MAX
, &buf
);
107 return log_error_errno(r
, "%s:%u: Line too long", path
, line
);
109 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
113 if (IN_SET(*strstrip(buf
), '#', '\0'))
117 r
= extract_first_word(&p
, &field
, " \t", 0);
119 log_error_errno(r
, "Failed to parse config file %s line %u: %m", path
, line
);
123 log_warning("%s:%u: Bad syntax", path
, line
);
127 if (streq(field
, "title"))
128 r
= free_and_strdup(&tmp
.title
, p
);
129 else if (streq(field
, "version"))
130 r
= free_and_strdup(&tmp
.version
, p
);
131 else if (streq(field
, "machine-id"))
132 r
= free_and_strdup(&tmp
.machine_id
, p
);
133 else if (streq(field
, "architecture"))
134 r
= free_and_strdup(&tmp
.architecture
, p
);
135 else if (streq(field
, "options"))
136 r
= strv_extend(&tmp
.options
, p
);
137 else if (streq(field
, "linux"))
138 r
= free_and_strdup(&tmp
.kernel
, p
);
139 else if (streq(field
, "efi"))
140 r
= free_and_strdup(&tmp
.efi
, p
);
141 else if (streq(field
, "initrd"))
142 r
= strv_extend(&tmp
.initrd
, p
);
143 else if (streq(field
, "devicetree"))
144 r
= free_and_strdup(&tmp
.device_tree
, p
);
146 log_notice("%s:%u: Unknown line \"%s\", ignoring.", path
, line
, field
);
150 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
154 tmp
= (BootEntry
) {};
158 void boot_config_free(BootConfig
*config
) {
163 free(config
->default_pattern
);
164 free(config
->timeout
);
165 free(config
->editor
);
166 free(config
->auto_entries
);
167 free(config
->auto_firmware
);
168 free(config
->console_mode
);
169 free(config
->random_seed_mode
);
171 free(config
->entry_oneshot
);
172 free(config
->entry_default
);
174 for (i
= 0; i
< config
->n_entries
; i
++)
175 boot_entry_free(config
->entries
+ i
);
176 free(config
->entries
);
179 static int boot_loader_read_conf(const char *path
, BootConfig
*config
) {
180 _cleanup_fclose_
FILE *f
= NULL
;
187 f
= fopen(path
, "re");
192 return log_error_errno(errno
, "Failed to open \"%s\": %m", path
);
196 _cleanup_free_
char *buf
= NULL
, *field
= NULL
;
199 r
= read_line(f
, LONG_LINE_MAX
, &buf
);
203 return log_error_errno(r
, "%s:%u: Line too long", path
, line
);
205 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
209 if (IN_SET(*strstrip(buf
), '#', '\0'))
213 r
= extract_first_word(&p
, &field
, " \t", 0);
215 log_error_errno(r
, "Failed to parse config file %s line %u: %m", path
, line
);
219 log_warning("%s:%u: Bad syntax", path
, line
);
223 if (streq(field
, "default"))
224 r
= free_and_strdup(&config
->default_pattern
, p
);
225 else if (streq(field
, "timeout"))
226 r
= free_and_strdup(&config
->timeout
, p
);
227 else if (streq(field
, "editor"))
228 r
= free_and_strdup(&config
->editor
, p
);
229 else if (streq(field
, "auto-entries"))
230 r
= free_and_strdup(&config
->auto_entries
, p
);
231 else if (streq(field
, "auto-firmware"))
232 r
= free_and_strdup(&config
->auto_firmware
, p
);
233 else if (streq(field
, "console-mode"))
234 r
= free_and_strdup(&config
->console_mode
, p
);
235 else if (streq(field
, "random-seed-mode"))
236 r
= free_and_strdup(&config
->random_seed_mode
, p
);
238 log_notice("%s:%u: Unknown line \"%s\", ignoring.", path
, line
, field
);
242 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
248 static int boot_entry_compare(const BootEntry
*a
, const BootEntry
*b
) {
249 return strverscmp_improved(a
->id
, b
->id
);
252 static int boot_entries_find(
258 _cleanup_strv_free_
char **files
= NULL
;
267 r
= conf_files_list(&files
, ".conf", NULL
, 0, dir
);
269 return log_error_errno(r
, "Failed to list files in \"%s\": %m", dir
);
271 STRV_FOREACH(f
, files
) {
272 if (!GREEDY_REALLOC0(*entries
, *n_entries
+ 1))
275 r
= boot_entry_load(root
, *f
, *entries
+ *n_entries
);
285 static int boot_entry_load_unified(
288 const char *osrelease
,
292 _cleanup_free_
char *os_pretty_name
= NULL
, *os_image_id
= NULL
, *os_name
= NULL
, *os_id
= NULL
,
293 *os_image_version
= NULL
, *os_version
= NULL
, *os_version_id
= NULL
, *os_build_id
= NULL
;
294 _cleanup_(boot_entry_free
) BootEntry tmp
= {
295 .type
= BOOT_ENTRY_UNIFIED
,
297 const char *k
, *good_name
, *good_version
;
298 _cleanup_fclose_
FILE *f
= NULL
;
305 k
= path_startswith(path
, root
);
307 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Path is not below root: %s", path
);
309 f
= fmemopen_unlocked((void*) osrelease
, strlen(osrelease
), "r");
311 return log_error_errno(errno
, "Failed to open os-release buffer: %m");
313 r
= parse_env_file(f
, "os-release",
314 "PRETTY_NAME", &os_pretty_name
,
315 "IMAGE_ID", &os_image_id
,
318 "IMAGE_VERSION", &os_image_version
,
319 "VERSION", &os_version
,
320 "VERSION_ID", &os_version_id
,
321 "BUILD_ID", &os_build_id
);
323 return log_error_errno(r
, "Failed to parse os-release data from unified kernel image %s: %m", path
);
325 if (!bootspec_pick_name_version(
336 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "Missing fields in os-release data from unified kernel image %s, refusing.", path
);
338 r
= path_extract_filename(path
, &tmp
.id
);
340 return log_error_errno(r
, "Failed to extract file name from '%s': %m", path
);
342 if (!efi_loader_entry_name_valid(tmp
.id
))
343 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Invalid loader entry name: %s", tmp
.id
);
345 if (os_id
&& os_version_id
) {
346 tmp
.id_old
= strjoin(os_id
, "-", os_version_id
);
351 tmp
.path
= strdup(path
);
355 tmp
.root
= strdup(root
);
359 tmp
.kernel
= strdup(skip_leading_chars(k
, "/"));
363 tmp
.options
= strv_new(skip_leading_chars(cmdline
, WHITESPACE
));
367 delete_trailing_chars(tmp
.options
[0], WHITESPACE
);
369 tmp
.title
= strdup(good_name
);
373 tmp
.version
= strdup(good_version
);
378 tmp
= (BootEntry
) {};
382 /* Maximum PE section we are willing to load (Note that sections we are not interested in may be larger, but
383 * the ones we do care about and we are willing to load into memory have this size limit.) */
384 #define PE_SECTION_SIZE_MAX (4U*1024U*1024U)
386 static int find_sections(
388 char **ret_osrelease
,
389 char **ret_cmdline
) {
391 _cleanup_free_
struct PeSectionHeader
*sections
= NULL
;
392 _cleanup_free_
char *osrelease
= NULL
, *cmdline
= NULL
;
393 size_t i
, n_sections
;
394 struct DosFileHeader dos
;
399 n
= pread(fd
, &dos
, sizeof(dos
), 0);
401 return log_error_errno(errno
, "Failed read DOS header: %m");
402 if (n
!= sizeof(dos
))
403 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Short read while reading DOS header, refusing.");
405 if (dos
.Magic
[0] != 'M' || dos
.Magic
[1] != 'Z')
406 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "DOS executable magic missing, refusing.");
408 start
= unaligned_read_le32(&dos
.ExeHeader
);
409 n
= pread(fd
, &pe
, sizeof(pe
), start
);
411 return log_error_errno(errno
, "Failed to read PE header: %m");
413 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Short read while reading PE header, refusing.");
415 if (pe
.Magic
[0] != 'P' || pe
.Magic
[1] != 'E' || pe
.Magic
[2] != 0 || pe
.Magic
[3] != 0)
416 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "PE executable magic missing, refusing.");
418 n_sections
= unaligned_read_le16(&pe
.FileHeader
.NumberOfSections
);
420 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "PE header has too many sections, refusing.");
422 sections
= new(struct PeSectionHeader
, n_sections
);
426 n
= pread(fd
, sections
,
427 n_sections
* sizeof(struct PeSectionHeader
),
428 start
+ sizeof(pe
) + unaligned_read_le16(&pe
.FileHeader
.SizeOfOptionalHeader
));
430 return log_error_errno(errno
, "Failed to read section data: %m");
431 if ((size_t) n
!= n_sections
* sizeof(struct PeSectionHeader
))
432 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Short read while reading sections, refusing.");
434 for (i
= 0; i
< n_sections
; i
++) {
435 _cleanup_free_
char *k
= NULL
;
436 uint32_t offset
, size
;
439 if (strneq((char*) sections
[i
].Name
, ".osrel", sizeof(sections
[i
].Name
)))
441 else if (strneq((char*) sections
[i
].Name
, ".cmdline", sizeof(sections
[i
].Name
)))
447 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "Duplicate section %s, refusing.", sections
[i
].Name
);
449 offset
= unaligned_read_le32(§ions
[i
].PointerToRawData
);
450 size
= unaligned_read_le32(§ions
[i
].VirtualSize
);
452 if (size
> PE_SECTION_SIZE_MAX
)
453 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "Section %s too large, refusing.", sections
[i
].Name
);
455 k
= new(char, size
+1);
459 n
= pread(fd
, k
, size
, offset
);
461 return log_error_errno(errno
, "Failed to read section payload: %m");
462 if ((size_t) n
!= size
)
463 return log_error_errno(SYNTHETIC_ERRNO(EIO
), "Short read while reading section payload, refusing:");
465 /* Allow one trailing NUL byte, but nothing more. */
466 if (size
> 0 && memchr(k
, 0, size
- 1))
467 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "Section contains embedded NUL byte: %m");
474 return log_error_errno(SYNTHETIC_ERRNO(EBADMSG
), "Image lacks .osrel section, refusing.");
477 *ret_osrelease
= TAKE_PTR(osrelease
);
479 *ret_cmdline
= TAKE_PTR(cmdline
);
484 static int boot_entries_find_unified(
490 _cleanup_(closedirp
) DIR *d
= NULL
;
503 return log_error_errno(errno
, "Failed to open %s: %m", dir
);
506 FOREACH_DIRENT(de
, d
, return log_error_errno(errno
, "Failed to read %s: %m", dir
)) {
507 _cleanup_free_
char *j
= NULL
, *osrelease
= NULL
, *cmdline
= NULL
;
508 _cleanup_close_
int fd
= -1;
510 if (!dirent_is_file(de
))
513 if (!endswith_no_case(de
->d_name
, ".efi"))
516 if (!GREEDY_REALLOC0(*entries
, *n_entries
+ 1))
519 fd
= openat(dirfd(d
), de
->d_name
, O_RDONLY
|O_CLOEXEC
|O_NONBLOCK
);
521 log_warning_errno(errno
, "Failed to open %s/%s, ignoring: %m", dir
, de
->d_name
);
525 r
= fd_verify_regular(fd
);
527 log_warning_errno(r
, "File %s/%s is not regular, ignoring: %m", dir
, de
->d_name
);
531 r
= find_sections(fd
, &osrelease
, &cmdline
);
535 j
= path_join(dir
, de
->d_name
);
539 r
= boot_entry_load_unified(root
, j
, osrelease
, cmdline
, *entries
+ *n_entries
);
549 static bool find_nonunique(BootEntry
*entries
, size_t n_entries
, bool *arr
) {
551 bool non_unique
= false;
553 assert(entries
|| n_entries
== 0);
554 assert(arr
|| n_entries
== 0);
556 for (i
= 0; i
< n_entries
; i
++)
559 for (i
= 0; i
< n_entries
; i
++)
560 for (j
= 0; j
< n_entries
; j
++)
561 if (i
!= j
&& streq(boot_entry_title(entries
+ i
),
562 boot_entry_title(entries
+ j
)))
563 non_unique
= arr
[i
] = arr
[j
] = true;
568 static int boot_entries_uniquify(BootEntry
*entries
, size_t n_entries
) {
574 assert(entries
|| n_entries
== 0);
576 /* Find _all_ non-unique titles */
577 if (!find_nonunique(entries
, n_entries
, arr
))
580 /* Add version to non-unique titles */
581 for (i
= 0; i
< n_entries
; i
++)
582 if (arr
[i
] && entries
[i
].version
) {
583 r
= asprintf(&s
, "%s (%s)", boot_entry_title(entries
+ i
), entries
[i
].version
);
587 free_and_replace(entries
[i
].show_title
, s
);
590 if (!find_nonunique(entries
, n_entries
, arr
))
593 /* Add machine-id to non-unique titles */
594 for (i
= 0; i
< n_entries
; i
++)
595 if (arr
[i
] && entries
[i
].machine_id
) {
596 r
= asprintf(&s
, "%s (%s)", boot_entry_title(entries
+ i
), entries
[i
].machine_id
);
600 free_and_replace(entries
[i
].show_title
, s
);
603 if (!find_nonunique(entries
, n_entries
, arr
))
606 /* Add file name to non-unique titles */
607 for (i
= 0; i
< n_entries
; i
++)
609 r
= asprintf(&s
, "%s (%s)", boot_entry_title(entries
+ i
), entries
[i
].id
);
613 free_and_replace(entries
[i
].show_title
, s
);
619 static int boot_entries_select_default(const BootConfig
*config
) {
623 assert(config
->entries
|| config
->n_entries
== 0);
625 if (config
->n_entries
== 0) {
626 log_debug("Found no default boot entry :(");
627 return -1; /* -1 means "no default" */
630 if (config
->entry_oneshot
)
631 for (i
= config
->n_entries
- 1; i
>= 0; i
--)
632 if (streq(config
->entry_oneshot
, config
->entries
[i
].id
)) {
633 log_debug("Found default: id \"%s\" is matched by LoaderEntryOneShot",
634 config
->entries
[i
].id
);
638 if (config
->entry_default
)
639 for (i
= config
->n_entries
- 1; i
>= 0; i
--)
640 if (streq(config
->entry_default
, config
->entries
[i
].id
)) {
641 log_debug("Found default: id \"%s\" is matched by LoaderEntryDefault",
642 config
->entries
[i
].id
);
646 if (config
->default_pattern
)
647 for (i
= config
->n_entries
- 1; i
>= 0; i
--)
648 if (fnmatch(config
->default_pattern
, config
->entries
[i
].id
, FNM_CASEFOLD
) == 0) {
649 log_debug("Found default: id \"%s\" is matched by pattern \"%s\"",
650 config
->entries
[i
].id
, config
->default_pattern
);
654 log_debug("Found default: last entry \"%s\"", config
->entries
[config
->n_entries
- 1].id
);
655 return config
->n_entries
- 1;
658 int boot_entries_load_config(
659 const char *esp_path
,
660 const char *xbootldr_path
,
661 BootConfig
*config
) {
669 p
= strjoina(esp_path
, "/loader/loader.conf");
670 r
= boot_loader_read_conf(p
, config
);
674 p
= strjoina(esp_path
, "/loader/entries");
675 r
= boot_entries_find(esp_path
, p
, &config
->entries
, &config
->n_entries
);
679 p
= strjoina(esp_path
, "/EFI/Linux/");
680 r
= boot_entries_find_unified(esp_path
, p
, &config
->entries
, &config
->n_entries
);
686 p
= strjoina(xbootldr_path
, "/loader/entries");
687 r
= boot_entries_find(xbootldr_path
, p
, &config
->entries
, &config
->n_entries
);
691 p
= strjoina(xbootldr_path
, "/EFI/Linux/");
692 r
= boot_entries_find_unified(xbootldr_path
, p
, &config
->entries
, &config
->n_entries
);
697 typesafe_qsort(config
->entries
, config
->n_entries
, boot_entry_compare
);
699 r
= boot_entries_uniquify(config
->entries
, config
->n_entries
);
701 return log_error_errno(r
, "Failed to uniquify boot entries: %m");
704 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(LoaderEntryOneShot
), &config
->entry_oneshot
);
705 if (r
< 0 && !IN_SET(r
, -ENOENT
, -ENODATA
)) {
706 log_warning_errno(r
, "Failed to read EFI variable \"LoaderEntryOneShot\": %m");
711 r
= efi_get_variable_string(EFI_LOADER_VARIABLE(LoaderEntryDefault
), &config
->entry_default
);
712 if (r
< 0 && !IN_SET(r
, -ENOENT
, -ENODATA
)) {
713 log_warning_errno(r
, "Failed to read EFI variable \"LoaderEntryDefault\": %m");
719 config
->default_entry
= boot_entries_select_default(config
);
723 int boot_entries_load_config_auto(
724 const char *override_esp_path
,
725 const char *override_xbootldr_path
,
726 BootConfig
*config
) {
728 _cleanup_free_
char *esp_where
= NULL
, *xbootldr_where
= NULL
;
733 /* This function is similar to boot_entries_load_config(), however we automatically search for the
734 * ESP and the XBOOTLDR partition unless it is explicitly specified. Also, if the user did not pass
735 * an ESP or XBOOTLDR path directly, let's see if /run/boot-loader-entries/ exists. If so, let's
736 * read data from there, as if it was an ESP (i.e. loading both entries and loader.conf data from
737 * it). This allows other boot loaders to pass boot loader entry information to our tools if they
740 if (!override_esp_path
&& !override_xbootldr_path
) {
741 if (access("/run/boot-loader-entries/", F_OK
) >= 0)
742 return boot_entries_load_config("/run/boot-loader-entries/", NULL
, config
);
745 return log_error_errno(errno
,
746 "Failed to determine whether /run/boot-loader-entries/ exists: %m");
749 r
= find_esp_and_warn(override_esp_path
, false, &esp_where
, NULL
, NULL
, NULL
, NULL
);
750 if (r
< 0) /* we don't log about ENOKEY here, but propagate it, leaving it to the caller to log */
753 r
= find_xbootldr_and_warn(override_xbootldr_path
, false, &xbootldr_where
, NULL
);
754 if (r
< 0 && r
!= -ENOKEY
)
755 return r
; /* It's fine if the XBOOTLDR partition doesn't exist, hence we ignore ENOKEY here */
757 return boot_entries_load_config(esp_where
, xbootldr_where
, config
);
760 int boot_entries_augment_from_loader(
762 char **found_by_loader
,
765 static const char *const title_table
[] = {
766 /* Pretty names for a few well-known automatically discovered entries. */
768 "auto-windows", "Windows Boot Manager",
769 "auto-efi-shell", "EFI Shell",
770 "auto-efi-default", "EFI Default Loader",
771 "auto-reboot-to-firmware-setup", "Reboot Into Firmware Interface",
778 /* Let's add the entries discovered by the boot loader to the end of our list, unless they are
779 * already included there. */
781 STRV_FOREACH(i
, found_by_loader
) {
782 _cleanup_free_
char *c
= NULL
, *t
= NULL
, *p
= NULL
;
785 if (boot_config_has_entry(config
, *i
))
788 if (only_auto
&& !startswith(*i
, "auto-"))
795 STRV_FOREACH_PAIR(a
, b
, (char**) title_table
)
803 p
= strdup(EFIVAR_PATH(EFI_LOADER_VARIABLE(LoaderEntries
)));
807 if (!GREEDY_REALLOC0(config
->entries
, config
->n_entries
+ 1))
810 config
->entries
[config
->n_entries
++] = (BootEntry
) {
811 .type
= BOOT_ENTRY_LOADER
,
813 .title
= TAKE_PTR(t
),
821 /********************************************************************************/
823 static int verify_esp_blkid(
827 uint64_t *ret_pstart
,
829 sd_id128_t
*ret_uuid
) {
831 sd_id128_t uuid
= SD_ID128_NULL
;
832 uint64_t pstart
= 0, psize
= 0;
836 _cleanup_(blkid_free_probep
) blkid_probe b
= NULL
;
837 _cleanup_free_
char *node
= NULL
;
841 r
= device_path_make_major_minor(S_IFBLK
, devid
, &node
);
843 return log_error_errno(r
, "Failed to format major/minor device path: %m");
846 b
= blkid_new_probe_from_filename(node
);
848 return log_error_errno(errno
?: SYNTHETIC_ERRNO(ENOMEM
), "Failed to open file system \"%s\": %m", node
);
850 blkid_probe_enable_superblocks(b
, 1);
851 blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
);
852 blkid_probe_enable_partitions(b
, 1);
853 blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
856 r
= blkid_do_safeprobe(b
);
858 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "File system \"%s\" is ambiguous.", node
);
860 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "File system \"%s\" does not contain a label.", node
);
862 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe file system \"%s\": %m", node
);
864 r
= blkid_probe_lookup_value(b
, "TYPE", &v
, NULL
);
866 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
867 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
868 "No filesystem found on \"%s\": %m", node
);
869 if (!streq(v
, "vfat"))
870 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
871 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
872 "File system \"%s\" is not FAT.", node
);
874 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_SCHEME", &v
, NULL
);
876 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
877 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
878 "File system \"%s\" is not located on a partitioned block device.", node
);
879 if (!streq(v
, "gpt"))
880 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
881 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
882 "File system \"%s\" is not on a GPT partition table.", node
);
885 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_TYPE", &v
, NULL
);
887 return log_error_errno(errno
?: EIO
, "Failed to probe partition type UUID of \"%s\": %m", node
);
888 if (!streq(v
, "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"))
889 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
890 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
891 "File system \"%s\" has wrong type for an EFI System Partition (ESP).", node
);
894 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_UUID", &v
, NULL
);
896 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition entry UUID of \"%s\": %m", node
);
897 r
= sd_id128_from_string(v
, &uuid
);
899 return log_error_errno(r
, "Partition \"%s\" has invalid UUID \"%s\".", node
, v
);
902 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_NUMBER", &v
, NULL
);
904 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition number of \"%s\": %m", node
);
905 r
= safe_atou32(v
, &part
);
907 return log_error_errno(r
, "Failed to parse PART_ENTRY_NUMBER field.");
910 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_OFFSET", &v
, NULL
);
912 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition offset of \"%s\": %m", node
);
913 r
= safe_atou64(v
, &pstart
);
915 return log_error_errno(r
, "Failed to parse PART_ENTRY_OFFSET field.");
918 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_SIZE", &v
, NULL
);
920 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition size of \"%s\": %m", node
);
921 r
= safe_atou64(v
, &psize
);
923 return log_error_errno(r
, "Failed to parse PART_ENTRY_SIZE field.");
929 *ret_pstart
= pstart
;
938 static int verify_esp_udev(
942 uint64_t *ret_pstart
,
944 sd_id128_t
*ret_uuid
) {
946 _cleanup_(sd_device_unrefp
) sd_device
*d
= NULL
;
947 _cleanup_free_
char *node
= NULL
;
948 sd_id128_t uuid
= SD_ID128_NULL
;
949 uint64_t pstart
= 0, psize
= 0;
954 r
= device_path_make_major_minor(S_IFBLK
, devid
, &node
);
956 return log_error_errno(r
, "Failed to format major/minor device path: %m");
958 r
= sd_device_new_from_devnum(&d
, 'b', devid
);
960 return log_error_errno(r
, "Failed to get device from device number: %m");
962 r
= sd_device_get_property_value(d
, "ID_FS_TYPE", &v
);
964 return log_error_errno(r
, "Failed to get device property: %m");
965 if (!streq(v
, "vfat"))
966 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
967 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
968 "File system \"%s\" is not FAT.", node
);
970 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_SCHEME", &v
);
972 return log_error_errno(r
, "Failed to get device property: %m");
973 if (!streq(v
, "gpt"))
974 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
975 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
976 "File system \"%s\" is not on a GPT partition table.", node
);
978 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_TYPE", &v
);
980 return log_error_errno(r
, "Failed to get device property: %m");
981 if (!streq(v
, "c12a7328-f81f-11d2-ba4b-00a0c93ec93b"))
982 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
983 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
984 "File system \"%s\" has wrong type for an EFI System Partition (ESP).", node
);
986 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_UUID", &v
);
988 return log_error_errno(r
, "Failed to get device property: %m");
989 r
= sd_id128_from_string(v
, &uuid
);
991 return log_error_errno(r
, "Partition \"%s\" has invalid UUID \"%s\".", node
, v
);
993 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_NUMBER", &v
);
995 return log_error_errno(r
, "Failed to get device property: %m");
996 r
= safe_atou32(v
, &part
);
998 return log_error_errno(r
, "Failed to parse PART_ENTRY_NUMBER field.");
1000 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_OFFSET", &v
);
1002 return log_error_errno(r
, "Failed to get device property: %m");
1003 r
= safe_atou64(v
, &pstart
);
1005 return log_error_errno(r
, "Failed to parse PART_ENTRY_OFFSET field.");
1007 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_SIZE", &v
);
1009 return log_error_errno(r
, "Failed to get device property: %m");
1010 r
= safe_atou64(v
, &psize
);
1012 return log_error_errno(r
, "Failed to parse PART_ENTRY_SIZE field.");
1017 *ret_pstart
= pstart
;
1026 static int verify_fsroot_dir(
1029 bool unprivileged_mode
,
1032 struct stat st
, st2
;
1033 const char *t2
, *trigger
;
1039 /* So, the ESP and XBOOTLDR partition are commonly located on an autofs mount. stat() on the
1040 * directory won't trigger it, if it is not mounted yet. Let's hence explicitly trigger it here,
1041 * before stat()ing */
1042 trigger
= strjoina(path
, "/trigger"); /* Filename doesn't matter... */
1043 (void) access(trigger
, F_OK
);
1045 if (stat(path
, &st
) < 0)
1046 return log_full_errno((searching
&& errno
== ENOENT
) ||
1047 (unprivileged_mode
&& errno
== EACCES
) ? LOG_DEBUG
: LOG_ERR
, errno
,
1048 "Failed to determine block device node of \"%s\": %m", path
);
1050 if (major(st
.st_dev
) == 0)
1051 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
1052 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
1053 "Block device node of \"%s\" is invalid.", path
);
1055 if (path_equal(path
, "/")) {
1056 /* Let's assume that the root directory of the OS is always the root of its file system
1057 * (which technically doesn't have to be the case, but it's close enough, and it's not easy
1058 * to be fully correct for it, since we can't look further up than the root dir easily.) */
1060 *ret_dev
= st
.st_dev
;
1065 t2
= strjoina(path
, "/..");
1066 if (stat(t2
, &st2
) < 0) {
1067 if (errno
!= EACCES
)
1070 _cleanup_free_
char *parent
= NULL
;
1072 /* If going via ".." didn't work due to EACCESS, then let's determine the parent path
1073 * directly instead. It's not as good, due to symlinks and such, but we can't do
1074 * anything better here. */
1076 parent
= dirname_malloc(path
);
1080 r
= RET_NERRNO(stat(parent
, &st2
));
1084 return log_full_errno(unprivileged_mode
&& r
== -EACCES
? LOG_DEBUG
: LOG_ERR
, r
,
1085 "Failed to determine block device node of parent of \"%s\": %m", path
);
1088 if (st
.st_dev
== st2
.st_dev
)
1089 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
1090 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
1091 "Directory \"%s\" is not the root of the file system.", path
);
1094 *ret_dev
= st
.st_dev
;
1099 static int verify_esp(
1102 bool unprivileged_mode
,
1104 uint64_t *ret_pstart
,
1105 uint64_t *ret_psize
,
1106 sd_id128_t
*ret_uuid
) {
1114 /* This logs about all errors, except:
1116 * -ENOENT → if 'searching' is set, and the dir doesn't exist
1117 * -EADDRNOTAVAIL → if 'searching' is set, and the dir doesn't look like an ESP
1118 * -EACESS → if 'unprivileged_mode' is set, and we have trouble accessing the thing
1121 relax_checks
= getenv_bool("SYSTEMD_RELAX_ESP_CHECKS") > 0;
1123 /* Non-root user can only check the status, so if an error occurred in the following, it does not cause any
1124 * issues. Let's also, silence the error messages. */
1126 if (!relax_checks
) {
1129 if (statfs(p
, &sfs
) < 0)
1130 /* If we are searching for the mount point, don't generate a log message if we can't find the path */
1131 return log_full_errno((searching
&& errno
== ENOENT
) ||
1132 (unprivileged_mode
&& errno
== EACCES
) ? LOG_DEBUG
: LOG_ERR
, errno
,
1133 "Failed to check file system type of \"%s\": %m", p
);
1135 if (!F_TYPE_EQUAL(sfs
.f_type
, MSDOS_SUPER_MAGIC
))
1136 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
1137 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
1138 "File system \"%s\" is not a FAT EFI System Partition (ESP) file system.", p
);
1141 r
= verify_fsroot_dir(p
, searching
, unprivileged_mode
, &devid
);
1145 /* In a container we don't have access to block devices, skip this part of the verification, we trust
1146 * the container manager set everything up correctly on its own. */
1147 if (detect_container() > 0 || relax_checks
)
1150 /* If we are unprivileged we ask udev for the metadata about the partition. If we are privileged we
1151 * use blkid instead. Why? Because this code is called from 'bootctl' which is pretty much an
1152 * emergency recovery tool that should also work when udev isn't up (i.e. from the emergency shell),
1153 * however blkid can't work if we have no privileges to access block devices directly, which is why
1154 * we use udev in that case. */
1155 if (unprivileged_mode
)
1156 return verify_esp_udev(devid
, searching
, ret_part
, ret_pstart
, ret_psize
, ret_uuid
);
1158 return verify_esp_blkid(devid
, searching
, ret_part
, ret_pstart
, ret_psize
, ret_uuid
);
1168 *ret_uuid
= SD_ID128_NULL
;
1173 int find_esp_and_warn(
1175 bool unprivileged_mode
,
1178 uint64_t *ret_pstart
,
1179 uint64_t *ret_psize
,
1180 sd_id128_t
*ret_uuid
) {
1184 /* This logs about all errors except:
1186 * -ENOKEY → when we can't find the partition
1187 * -EACCESS → when unprivileged_mode is true, and we can't access something
1191 r
= verify_esp(path
, false, unprivileged_mode
, ret_part
, ret_pstart
, ret_psize
, ret_uuid
);
1198 path
= getenv("SYSTEMD_ESP_PATH");
1200 if (!path_is_valid(path
) || !path_is_absolute(path
))
1201 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1202 "$SYSTEMD_ESP_PATH does not refer to absolute path, refusing to use it: %s",
1205 /* Note: when the user explicitly configured things with an env var we won't validate the mount
1206 * point. After all we want this to be useful for testing. */
1210 FOREACH_STRING(path
, "/efi", "/boot", "/boot/efi") {
1212 r
= verify_esp(path
, true, unprivileged_mode
, ret_part
, ret_pstart
, ret_psize
, ret_uuid
);
1215 if (!IN_SET(r
, -ENOENT
, -EADDRNOTAVAIL
)) /* This one is not it */
1219 /* No logging here */
1236 static int verify_xbootldr_blkid(
1239 sd_id128_t
*ret_uuid
) {
1241 sd_id128_t uuid
= SD_ID128_NULL
;
1244 _cleanup_(blkid_free_probep
) blkid_probe b
= NULL
;
1245 _cleanup_free_
char *node
= NULL
;
1249 r
= device_path_make_major_minor(S_IFBLK
, devid
, &node
);
1251 return log_error_errno(r
, "Failed to format major/minor device path: %m");
1253 b
= blkid_new_probe_from_filename(node
);
1255 return log_error_errno(errno
?: SYNTHETIC_ERRNO(ENOMEM
), "Failed to open file system \"%s\": %m", node
);
1257 blkid_probe_enable_partitions(b
, 1);
1258 blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
1261 r
= blkid_do_safeprobe(b
);
1263 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "File system \"%s\" is ambiguous.", node
);
1265 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "File system \"%s\" does not contain a label.", node
);
1267 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe file system \"%s\": %m", node
);
1270 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_SCHEME", &v
, NULL
);
1272 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition scheme of \"%s\": %m", node
);
1273 if (streq(v
, "gpt")) {
1276 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_TYPE", &v
, NULL
);
1278 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition type UUID of \"%s\": %m", node
);
1279 if (!streq(v
, "bc13c2ff-59e6-4262-a352-b275fd6f7172"))
1280 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
1281 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
1282 "File system \"%s\" has wrong type for extended boot loader partition.", node
);
1285 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_UUID", &v
, NULL
);
1287 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition entry UUID of \"%s\": %m", node
);
1288 r
= sd_id128_from_string(v
, &uuid
);
1290 return log_error_errno(r
, "Partition \"%s\" has invalid UUID \"%s\".", node
, v
);
1292 } else if (streq(v
, "dos")) {
1295 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_TYPE", &v
, NULL
);
1297 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition type UUID of \"%s\": %m", node
);
1298 if (!streq(v
, "0xea"))
1299 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
1300 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
1301 "File system \"%s\" has wrong type for extended boot loader partition.", node
);
1304 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
1305 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
1306 "File system \"%s\" is not on a GPT or DOS partition table.", node
);
1315 static int verify_xbootldr_udev(
1318 sd_id128_t
*ret_uuid
) {
1320 _cleanup_(sd_device_unrefp
) sd_device
*d
= NULL
;
1321 _cleanup_free_
char *node
= NULL
;
1322 sd_id128_t uuid
= SD_ID128_NULL
;
1326 r
= device_path_make_major_minor(S_IFBLK
, devid
, &node
);
1328 return log_error_errno(r
, "Failed to format major/minor device path: %m");
1330 r
= sd_device_new_from_devnum(&d
, 'b', devid
);
1332 return log_error_errno(r
, "Failed to get device from device number: %m");
1334 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_SCHEME", &v
);
1336 return log_error_errno(r
, "Failed to get device property: %m");
1338 if (streq(v
, "gpt")) {
1340 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_TYPE", &v
);
1342 return log_error_errno(r
, "Failed to get device property: %m");
1343 if (!streq(v
, "bc13c2ff-59e6-4262-a352-b275fd6f7172"))
1344 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
1345 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
1346 "File system \"%s\" has wrong type for extended boot loader partition.", node
);
1348 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_UUID", &v
);
1350 return log_error_errno(r
, "Failed to get device property: %m");
1351 r
= sd_id128_from_string(v
, &uuid
);
1353 return log_error_errno(r
, "Partition \"%s\" has invalid UUID \"%s\".", node
, v
);
1355 } else if (streq(v
, "dos")) {
1357 r
= sd_device_get_property_value(d
, "ID_PART_ENTRY_TYPE", &v
);
1359 return log_error_errno(r
, "Failed to get device property: %m");
1360 if (!streq(v
, "0xea"))
1361 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
1362 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
1363 "File system \"%s\" has wrong type for extended boot loader partition.", node
);
1365 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
1366 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
1367 "File system \"%s\" is not on a GPT or DOS partition table.", node
);
1375 static int verify_xbootldr(
1378 bool unprivileged_mode
,
1379 sd_id128_t
*ret_uuid
) {
1387 relax_checks
= getenv_bool("SYSTEMD_RELAX_XBOOTLDR_CHECKS") > 0;
1389 r
= verify_fsroot_dir(p
, searching
, unprivileged_mode
, &devid
);
1393 if (detect_container() > 0 || relax_checks
)
1396 if (unprivileged_mode
)
1397 return verify_xbootldr_udev(devid
, searching
, ret_uuid
);
1399 return verify_xbootldr_blkid(devid
, searching
, ret_uuid
);
1403 *ret_uuid
= SD_ID128_NULL
;
1408 int find_xbootldr_and_warn(
1410 bool unprivileged_mode
,
1412 sd_id128_t
*ret_uuid
) {
1416 /* Similar to find_esp_and_warn(), but finds the XBOOTLDR partition. Returns the same errors. */
1419 r
= verify_xbootldr(path
, false, unprivileged_mode
, ret_uuid
);
1426 path
= getenv("SYSTEMD_XBOOTLDR_PATH");
1428 if (!path_is_valid(path
) || !path_is_absolute(path
))
1429 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1430 "$SYSTEMD_XBOOTLDR_PATH does not refer to absolute path, refusing to use it: %s",
1436 r
= verify_xbootldr("/boot", true, unprivileged_mode
, ret_uuid
);
1441 if (!IN_SET(r
, -ENOENT
, -EADDRNOTAVAIL
)) /* This one is not it */