1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 #include <linux/magic.h>
8 #include "alloc-util.h"
9 #include "blkid-util.h"
11 #include "conf-files.h"
13 #include "device-nodes.h"
18 #include "parse-util.h"
19 #include "path-util.h"
20 #include "stat-util.h"
21 #include "string-util.h"
25 static void boot_entry_free(BootEntry
*entry
) {
32 free(entry
->show_title
);
34 free(entry
->machine_id
);
35 free(entry
->architecture
);
36 strv_free(entry
->options
);
39 strv_free(entry
->initrd
);
40 free(entry
->device_tree
);
43 static int boot_entry_load(
48 _cleanup_(boot_entry_free
) BootEntry tmp
= {};
49 _cleanup_fclose_
FILE *f
= NULL
;
58 c
= endswith_no_case(path
, ".conf");
60 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Invalid loader entry filename: %s", path
);
63 tmp
.id
= strndup(b
, c
- b
);
67 tmp
.path
= strdup(path
);
71 tmp
.root
= strdup(root
);
75 f
= fopen(path
, "re");
77 return log_error_errno(errno
, "Failed to open \"%s\": %m", path
);
80 _cleanup_free_
char *buf
= NULL
, *field
= NULL
;
83 r
= read_line(f
, LONG_LINE_MAX
, &buf
);
87 return log_error_errno(r
, "%s:%u: Line too long", path
, line
);
89 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
93 if (IN_SET(*strstrip(buf
), '#', '\0'))
97 r
= extract_first_word(&p
, &field
, " \t", 0);
99 log_error_errno(r
, "Failed to parse config file %s line %u: %m", path
, line
);
103 log_warning("%s:%u: Bad syntax", path
, line
);
107 if (streq(field
, "title"))
108 r
= free_and_strdup(&tmp
.title
, p
);
109 else if (streq(field
, "version"))
110 r
= free_and_strdup(&tmp
.version
, p
);
111 else if (streq(field
, "machine-id"))
112 r
= free_and_strdup(&tmp
.machine_id
, p
);
113 else if (streq(field
, "architecture"))
114 r
= free_and_strdup(&tmp
.architecture
, p
);
115 else if (streq(field
, "options"))
116 r
= strv_extend(&tmp
.options
, p
);
117 else if (streq(field
, "linux"))
118 r
= free_and_strdup(&tmp
.kernel
, p
);
119 else if (streq(field
, "efi"))
120 r
= free_and_strdup(&tmp
.efi
, p
);
121 else if (streq(field
, "initrd"))
122 r
= strv_extend(&tmp
.initrd
, p
);
123 else if (streq(field
, "devicetree"))
124 r
= free_and_strdup(&tmp
.device_tree
, p
);
126 log_notice("%s:%u: Unknown line \"%s\", ignoring.", path
, line
, field
);
130 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
134 tmp
= (BootEntry
) {};
138 void boot_config_free(BootConfig
*config
) {
143 free(config
->default_pattern
);
144 free(config
->timeout
);
145 free(config
->editor
);
146 free(config
->auto_entries
);
147 free(config
->auto_firmware
);
149 free(config
->entry_oneshot
);
150 free(config
->entry_default
);
152 for (i
= 0; i
< config
->n_entries
; i
++)
153 boot_entry_free(config
->entries
+ i
);
154 free(config
->entries
);
157 static int boot_loader_read_conf(const char *path
, BootConfig
*config
) {
158 _cleanup_fclose_
FILE *f
= NULL
;
165 f
= fopen(path
, "re");
170 return log_error_errno(errno
, "Failed to open \"%s\": %m", path
);
174 _cleanup_free_
char *buf
= NULL
, *field
= NULL
;
177 r
= read_line(f
, LONG_LINE_MAX
, &buf
);
181 return log_error_errno(r
, "%s:%u: Line too long", path
, line
);
183 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
187 if (IN_SET(*strstrip(buf
), '#', '\0'))
191 r
= extract_first_word(&p
, &field
, " \t", 0);
193 log_error_errno(r
, "Failed to parse config file %s line %u: %m", path
, line
);
197 log_warning("%s:%u: Bad syntax", path
, line
);
201 if (streq(field
, "default"))
202 r
= free_and_strdup(&config
->default_pattern
, p
);
203 else if (streq(field
, "timeout"))
204 r
= free_and_strdup(&config
->timeout
, p
);
205 else if (streq(field
, "editor"))
206 r
= free_and_strdup(&config
->editor
, p
);
207 else if (streq(field
, "auto-entries"))
208 r
= free_and_strdup(&config
->auto_entries
, p
);
209 else if (streq(field
, "auto-firmware"))
210 r
= free_and_strdup(&config
->auto_firmware
, p
);
211 else if (streq(field
, "console-mode"))
212 r
= free_and_strdup(&config
->console_mode
, p
);
214 log_notice("%s:%u: Unknown line \"%s\", ignoring.", path
, line
, field
);
218 return log_error_errno(r
, "%s:%u: Error while reading: %m", path
, line
);
224 static int boot_entry_compare(const BootEntry
*a
, const BootEntry
*b
) {
225 return str_verscmp(a
->id
, b
->id
);
228 static int boot_entries_find(
234 _cleanup_strv_free_
char **files
= NULL
;
235 size_t n_allocated
= *n_entries
;
245 r
= conf_files_list(&files
, ".conf", NULL
, 0, dir
, NULL
);
247 return log_error_errno(r
, "Failed to list files in \"%s\": %m", dir
);
249 STRV_FOREACH(f
, files
) {
250 if (!GREEDY_REALLOC0(*entries
, n_allocated
, *n_entries
+ 1))
253 r
= boot_entry_load(root
, *f
, *entries
+ *n_entries
);
262 typesafe_qsort(*entries
, *n_entries
, boot_entry_compare
);
267 static bool find_nonunique(BootEntry
*entries
, size_t n_entries
, bool *arr
) {
269 bool non_unique
= false;
271 assert(entries
|| n_entries
== 0);
272 assert(arr
|| n_entries
== 0);
274 for (i
= 0; i
< n_entries
; i
++)
277 for (i
= 0; i
< n_entries
; i
++)
278 for (j
= 0; j
< n_entries
; j
++)
279 if (i
!= j
&& streq(boot_entry_title(entries
+ i
),
280 boot_entry_title(entries
+ j
)))
281 non_unique
= arr
[i
] = arr
[j
] = true;
286 static int boot_entries_uniquify(BootEntry
*entries
, size_t n_entries
) {
292 assert(entries
|| n_entries
== 0);
294 /* Find _all_ non-unique titles */
295 if (!find_nonunique(entries
, n_entries
, arr
))
298 /* Add version to non-unique titles */
299 for (i
= 0; i
< n_entries
; i
++)
300 if (arr
[i
] && entries
[i
].version
) {
301 r
= asprintf(&s
, "%s (%s)", boot_entry_title(entries
+ i
), entries
[i
].version
);
305 free_and_replace(entries
[i
].show_title
, s
);
308 if (!find_nonunique(entries
, n_entries
, arr
))
311 /* Add machine-id to non-unique titles */
312 for (i
= 0; i
< n_entries
; i
++)
313 if (arr
[i
] && entries
[i
].machine_id
) {
314 r
= asprintf(&s
, "%s (%s)", boot_entry_title(entries
+ i
), entries
[i
].machine_id
);
318 free_and_replace(entries
[i
].show_title
, s
);
321 if (!find_nonunique(entries
, n_entries
, arr
))
324 /* Add file name to non-unique titles */
325 for (i
= 0; i
< n_entries
; i
++)
327 r
= asprintf(&s
, "%s (%s)", boot_entry_title(entries
+ i
), entries
[i
].id
);
331 free_and_replace(entries
[i
].show_title
, s
);
337 static int boot_entries_select_default(const BootConfig
*config
) {
342 if (config
->entry_oneshot
)
343 for (i
= config
->n_entries
- 1; i
>= 0; i
--)
344 if (streq(config
->entry_oneshot
, config
->entries
[i
].id
)) {
345 log_debug("Found default: id \"%s\" is matched by LoaderEntryOneShot",
346 config
->entries
[i
].id
);
350 if (config
->entry_default
)
351 for (i
= config
->n_entries
- 1; i
>= 0; i
--)
352 if (streq(config
->entry_default
, config
->entries
[i
].id
)) {
353 log_debug("Found default: id \"%s\" is matched by LoaderEntryDefault",
354 config
->entries
[i
].id
);
358 if (config
->default_pattern
)
359 for (i
= config
->n_entries
- 1; i
>= 0; i
--)
360 if (fnmatch(config
->default_pattern
, config
->entries
[i
].id
, FNM_CASEFOLD
) == 0) {
361 log_debug("Found default: id \"%s\" is matched by pattern \"%s\"",
362 config
->entries
[i
].id
, config
->default_pattern
);
366 if (config
->n_entries
> 0)
367 log_debug("Found default: last entry \"%s\"", config
->entries
[config
->n_entries
- 1].id
);
369 log_debug("Found no default boot entry :(");
371 return config
->n_entries
- 1; /* -1 means "no default" */
374 int boot_entries_load_config(
375 const char *esp_path
,
376 const char *xbootldr_path
,
377 BootConfig
*config
) {
385 p
= strjoina(esp_path
, "/loader/loader.conf");
386 r
= boot_loader_read_conf(p
, config
);
390 p
= strjoina(esp_path
, "/loader/entries");
391 r
= boot_entries_find(esp_path
, p
, &config
->entries
, &config
->n_entries
);
397 p
= strjoina(xbootldr_path
, "/loader/entries");
398 r
= boot_entries_find(xbootldr_path
, p
, &config
->entries
, &config
->n_entries
);
403 r
= boot_entries_uniquify(config
->entries
, config
->n_entries
);
405 return log_error_errno(r
, "Failed to uniquify boot entries: %m");
408 r
= efi_get_variable_string(EFI_VENDOR_LOADER
, "LoaderEntryOneShot", &config
->entry_oneshot
);
409 if (r
< 0 && r
!= -ENOENT
)
410 return log_error_errno(r
, "Failed to read EFI var \"LoaderEntryOneShot\": %m");
412 r
= efi_get_variable_string(EFI_VENDOR_LOADER
, "LoaderEntryDefault", &config
->entry_default
);
413 if (r
< 0 && r
!= -ENOENT
)
414 return log_error_errno(r
, "Failed to read EFI var \"LoaderEntryDefault\": %m");
417 config
->default_entry
= boot_entries_select_default(config
);
421 /********************************************************************************/
423 static int verify_esp(
426 bool unprivileged_mode
,
428 uint64_t *ret_pstart
,
430 sd_id128_t
*ret_uuid
) {
432 _cleanup_(blkid_free_probep
) blkid_probe b
= NULL
;
433 _cleanup_free_
char *node
= NULL
;
436 uint64_t pstart
= 0, psize
= 0;
440 sd_id128_t uuid
= SD_ID128_NULL
;
447 relax_checks
= getenv_bool("SYSTEMD_RELAX_ESP_CHECKS") > 0;
449 /* Non-root user can only check the status, so if an error occured in the following, it does not cause any
450 * issues. Let's also, silence the error messages. */
453 if (statfs(p
, &sfs
) < 0) {
454 /* If we are searching for the mount point, don't generate a log message if we can't find the path */
455 if (errno
== ENOENT
&& searching
)
458 return log_full_errno(unprivileged_mode
&& errno
== EACCES
? LOG_DEBUG
: LOG_ERR
, errno
,
459 "Failed to check file system type of \"%s\": %m", p
);
462 if (!F_TYPE_EQUAL(sfs
.f_type
, MSDOS_SUPER_MAGIC
)) {
464 return -EADDRNOTAVAIL
;
466 log_error("File system \"%s\" is not a FAT EFI System Partition (ESP) file system.", p
);
471 if (stat(p
, &st
) < 0)
472 return log_full_errno(unprivileged_mode
&& errno
== EACCES
? LOG_DEBUG
: LOG_ERR
, errno
,
473 "Failed to determine block device node of \"%s\": %m", p
);
475 if (major(st
.st_dev
) == 0) {
476 log_error("Block device node of %p is invalid.", p
);
480 t2
= strjoina(p
, "/..");
483 return log_full_errno(unprivileged_mode
&& errno
== EACCES
? LOG_DEBUG
: LOG_ERR
, errno
,
484 "Failed to determine block device node of parent of \"%s\": %m", p
);
486 if (st
.st_dev
== st2
.st_dev
) {
487 log_error("Directory \"%s\" is not the root of the EFI System Partition (ESP) file system.", p
);
491 /* In a container we don't have access to block devices, skip this part of the verification, we trust the
492 * container manager set everything up correctly on its own. Also skip the following verification for non-root user. */
493 if (detect_container() > 0 || unprivileged_mode
|| relax_checks
)
497 r
= device_path_make_major_minor(S_IFBLK
, st
.st_dev
, &node
);
499 return log_error_errno(r
, "Failed to format major/minor device path: %m");
501 b
= blkid_new_probe_from_filename(node
);
503 return log_error_errno(errno
?: ENOMEM
, "Failed to open file system \"%s\": %m", p
);
505 blkid_probe_enable_superblocks(b
, 1);
506 blkid_probe_set_superblocks_flags(b
, BLKID_SUBLKS_TYPE
);
507 blkid_probe_enable_partitions(b
, 1);
508 blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
511 r
= blkid_do_safeprobe(b
);
513 log_error("File system \"%s\" is ambiguous.", p
);
516 log_error("File system \"%s\" does not contain a label.", p
);
519 return log_error_errno(errno
?: EIO
, "Failed to probe file system \"%s\": %m", p
);
522 r
= blkid_probe_lookup_value(b
, "TYPE", &v
, NULL
);
524 return log_error_errno(errno
?: EIO
, "Failed to probe file system type \"%s\": %m", p
);
525 if (!streq(v
, "vfat")) {
526 log_error("File system \"%s\" is not FAT.", p
);
531 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_SCHEME", &v
, NULL
);
533 return log_error_errno(errno
?: EIO
, "Failed to probe partition scheme \"%s\": %m", p
);
534 if (!streq(v
, "gpt")) {
535 log_error("File system \"%s\" is not on a GPT partition table.", p
);
540 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_TYPE", &v
, NULL
);
542 return log_error_errno(errno
?: EIO
, "Failed to probe partition type UUID \"%s\": %m", p
);
543 if (!streq(v
, "c12a7328-f81f-11d2-ba4b-00a0c93ec93b")) {
544 log_error("File system \"%s\" has wrong type for an EFI System Partition (ESP).", p
);
549 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_UUID", &v
, NULL
);
551 return log_error_errno(errno
?: EIO
, "Failed to probe partition entry UUID \"%s\": %m", p
);
552 r
= sd_id128_from_string(v
, &uuid
);
554 log_error("Partition \"%s\" has invalid UUID \"%s\".", p
, v
);
559 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_NUMBER", &v
, NULL
);
561 return log_error_errno(errno
?: EIO
, "Failed to probe partition number \"%s\": m", p
);
562 r
= safe_atou32(v
, &part
);
564 return log_error_errno(r
, "Failed to parse PART_ENTRY_NUMBER field.");
567 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_OFFSET", &v
, NULL
);
569 return log_error_errno(errno
?: EIO
, "Failed to probe partition offset \"%s\": %m", p
);
570 r
= safe_atou64(v
, &pstart
);
572 return log_error_errno(r
, "Failed to parse PART_ENTRY_OFFSET field.");
575 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_SIZE", &v
, NULL
);
577 return log_error_errno(errno
?: EIO
, "Failed to probe partition size \"%s\": %m", p
);
578 r
= safe_atou64(v
, &psize
);
580 return log_error_errno(r
, "Failed to parse PART_ENTRY_SIZE field.");
587 *ret_pstart
= pstart
;
596 int find_esp_and_warn(
598 bool unprivileged_mode
,
601 uint64_t *ret_pstart
,
603 sd_id128_t
*ret_uuid
) {
607 /* This logs about all errors except:
609 * -ENOKEY → when we can't find the partition
610 * -EACCESS → when unprivileged_mode is true, and we can't access something
614 r
= verify_esp(path
, false, unprivileged_mode
, ret_part
, ret_pstart
, ret_psize
, ret_uuid
);
621 path
= getenv("SYSTEMD_ESP_PATH");
623 if (!path_is_valid(path
) || !path_is_absolute(path
))
624 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
625 "$SYSTEMD_ESP_PATH does not refer to absolute path, refusing to use it: %s",
628 /* Note: when the user explicitly configured things with an env var we won't validate the mount
629 * point. After all we want this to be useful for testing. */
633 FOREACH_STRING(path
, "/efi", "/boot", "/boot/efi") {
635 r
= verify_esp(path
, true, unprivileged_mode
, ret_part
, ret_pstart
, ret_psize
, ret_uuid
);
638 if (!IN_SET(r
, -ENOENT
, -EADDRNOTAVAIL
)) /* This one is not it */
642 /* No logging here */
659 static int verify_xbootldr(
662 bool unprivileged_mode
,
663 sd_id128_t
*ret_uuid
) {
665 _cleanup_(blkid_free_probep
) blkid_probe b
= NULL
;
666 _cleanup_free_
char *node
= NULL
;
671 sd_id128_t uuid
= SD_ID128_NULL
;
677 relax_checks
= getenv_bool("SYSTEMD_RELAX_XBOOTLDR_CHECKS") > 0;
679 if (stat(p
, &st
) < 0)
680 return log_full_errno((searching
&& errno
== ENOENT
) ||
681 (unprivileged_mode
&& errno
== EACCES
) ? LOG_DEBUG
: LOG_ERR
, errno
,
682 "Failed to determine block device node of \"%s\": %m", p
);
684 if (major(st
.st_dev
) == 0)
685 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
686 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
687 "Block device node of \"%s\" is invalid.", p
);
689 t2
= strjoina(p
, "/..");
692 return log_full_errno(unprivileged_mode
&& errno
== EACCES
? LOG_DEBUG
: LOG_ERR
, errno
,
693 "Failed to determine block device node of parent of \"%s\": %m", p
);
695 if (st
.st_dev
== st2
.st_dev
)
696 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
697 SYNTHETIC_ERRNO(searching
? EADDRNOTAVAIL
: ENODEV
),
698 "Directory \"%s\" is not the root of the XBOOTLDR file system.", p
);
700 /* In a container we don't have access to block devices, skip this part of the verification, we trust
701 * the container manager set everything up correctly on its own. Also skip the following verification
702 * for non-root user. */
703 if (detect_container() > 0 || unprivileged_mode
|| relax_checks
)
707 r
= device_path_make_major_minor(S_IFBLK
, st
.st_dev
, &node
);
709 return log_error_errno(r
, "Failed to format major/minor device path: %m");
711 b
= blkid_new_probe_from_filename(node
);
713 return log_error_errno(errno
?: SYNTHETIC_ERRNO(ENOMEM
), "Failed to open file system \"%s\": %m", p
);
715 blkid_probe_enable_partitions(b
, 1);
716 blkid_probe_set_partitions_flags(b
, BLKID_PARTS_ENTRY_DETAILS
);
719 r
= blkid_do_safeprobe(b
);
721 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "File system \"%s\" is ambiguous.", p
);
723 return log_error_errno(SYNTHETIC_ERRNO(ENODEV
), "File system \"%s\" does not contain a label.", p
);
725 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe file system \"%s\": %m", p
);
728 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_SCHEME", &v
, NULL
);
730 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition scheme \"%s\": %m", p
);
731 if (streq(v
, "gpt")) {
734 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_TYPE", &v
, NULL
);
736 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition type UUID \"%s\": %m", p
);
737 if (!streq(v
, "bc13c2ff-59e6-4262-a352-b275fd6f7172"))
738 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
739 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
740 "File system \"%s\" has wrong type for extended boot loader partition.", p
);
743 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_UUID", &v
, NULL
);
745 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition entry UUID \"%s\": %m", p
);
746 r
= sd_id128_from_string(v
, &uuid
);
748 return log_error_errno(r
, "Partition \"%s\" has invalid UUID \"%s\".", p
, v
);
750 } else if (streq(v
, "dos")) {
753 r
= blkid_probe_lookup_value(b
, "PART_ENTRY_TYPE", &v
, NULL
);
755 return log_error_errno(errno
?: SYNTHETIC_ERRNO(EIO
), "Failed to probe partition type UUID \"%s\": %m", p
);
756 if (!streq(v
, "0xea"))
757 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
758 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
759 "File system \"%s\" has wrong type for extended boot loader partition.", p
);
762 return log_full_errno(searching
? LOG_DEBUG
: LOG_ERR
,
763 searching
? SYNTHETIC_ERRNO(EADDRNOTAVAIL
) : SYNTHETIC_ERRNO(ENODEV
),
764 "File system \"%s\" is not on a GPT or DOS partition table.", p
);
775 int find_xbootldr_and_warn(
777 bool unprivileged_mode
,
779 sd_id128_t
*ret_uuid
) {
783 /* Similar to find_esp_and_warn(), but finds the XBOOTLDR partition. Returns the same errors. */
786 r
= verify_xbootldr(path
, false, unprivileged_mode
, ret_uuid
);
793 path
= getenv("SYSTEMD_XBOOTLDR_PATH");
795 if (!path_is_valid(path
) || !path_is_absolute(path
))
796 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
797 "$SYSTEMD_XBOOTLDR_PATH does not refer to absolute path, refusing to use it: %s",
803 r
= verify_xbootldr("/boot", true, unprivileged_mode
, ret_uuid
);
808 if (!IN_SET(r
, -ENOENT
, -EADDRNOTAVAIL
)) /* This one is not it */
827 int find_default_boot_entry(
828 const char *esp_path
,
829 const char *xbootldr_path
,
831 const BootEntry
**e
) {
833 _cleanup_free_
char *esp_where
= NULL
, *xbootldr_where
= NULL
;
839 r
= find_esp_and_warn(esp_path
, false, &esp_where
, NULL
, NULL
, NULL
, NULL
);
843 r
= find_xbootldr_and_warn(xbootldr_path
, false, &xbootldr_where
, NULL
);
844 if (r
< 0 && r
!= -ENOKEY
)
847 r
= boot_entries_load_config(esp_where
, xbootldr_where
, config
);
849 return log_error_errno(r
, "Failed to load boot loader entries: %m");
851 if (config
->default_entry
< 0)
852 return log_error_errno(SYNTHETIC_ERRNO(ENOENT
),
853 "No boot loader entry suitable as default, refusing to guess.");
855 *e
= &config
->entries
[config
->default_entry
];
856 log_debug("Found default boot loader entry in file \"%s\"", (*e
)->path
);