#include "chattr-util.h"
#include "efivars.h"
#include "fd-util.h"
+#include "fileio.h"
#include "io-util.h"
#include "macro.h"
#include "stdio-util.h"
return p;
}
+static char* efi_variable_cache_path(sd_id128_t vendor, const char *name) {
+ char *p;
+
+ if (asprintf(&p,
+ "/run/systemd/efivars/%s-" SD_ID128_UUID_FORMAT_STR,
+ name, SD_ID128_FORMAT_VAL(vendor)) < 0)
+ return NULL;
+
+ return p;
+}
+
int efi_get_variable(
sd_id128_t vendor,
const char *name,
return cache > 0;
}
-int systemd_efi_options_variable(char **line) {
- const char *e;
+int cache_efi_options_variable(void) {
+ _cleanup_free_ char *line = NULL, *cachepath = NULL;
int r;
- assert(line);
-
- /* For testing purposes it is sometimes useful to be able to override this */
- e = secure_getenv("SYSTEMD_EFI_OPTIONS");
- if (e) {
- char *m;
-
- m = strdup(e);
- if (!m)
- return -ENOMEM;
-
- *line = m;
- return 0;
- }
-
/* In SecureBoot mode this is probably not what you want. As your cmdline is cryptographically signed
* like when using Type #2 EFI Unified Kernel Images (https://systemd.io/BOOT_LOADER_SPECIFICATION/)
* The user's intention is then that the cmdline should not be modified. You want to make sure that
* the system starts up as exactly specified in the signed artifact.
*
- * (NB: to make testing purposes we still check the $SYSTEMD_EFI_OPTIONS env var above, even when in
- * SecureBoot mode.) */
+ * (NB: For testing purposes, we still check the $SYSTEMD_EFI_OPTIONS env var before accessing this
+ * cache, even when in SecureBoot mode.) */
if (is_efi_secure_boot()) {
_cleanup_free_ char *k;
return -EPERM;
}
- r = efi_get_variable_string(EFI_VENDOR_SYSTEMD, "SystemdOptions", line);
+ r = efi_get_variable_string(EFI_VENDOR_SYSTEMD, "SystemdOptions", &line);
if (r == -ENOENT)
return -ENODATA;
+ if (r < 0)
+ return r;
+ cachepath = efi_variable_cache_path(EFI_VENDOR_SYSTEMD, "SystemdOptions");
+ if (!cachepath)
+ return -ENOMEM;
+
+ return write_string_file(cachepath, line, WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_MKDIR_0755);
+}
+
+int systemd_efi_options_variable(char **line) {
+ const char *e;
+ _cleanup_free_ char *cachepath = NULL;
+ int r;
+
+ assert(line);
+
+ /* For testing purposes it is sometimes useful to be able to override this */
+ e = secure_getenv("SYSTEMD_EFI_OPTIONS");
+ if (e) {
+ char *m;
+
+ m = strdup(e);
+ if (!m)
+ return -ENOMEM;
+
+ *line = m;
+ return 0;
+ }
+
+ cachepath = efi_variable_cache_path(EFI_VENDOR_SYSTEMD, "SystemdOptions");
+ if (!cachepath)
+ return -ENOMEM;
+
+ r = read_one_line_file(cachepath, line);
+ if (r == -ENOENT)
+ return -ENODATA;
return r;
}
#endif
#include "dbus.h"
#include "def.h"
#include "efi-random.h"
+#include "efivars.h"
#include "emergency-action.h"
#include "env-util.h"
#include "exit-status.h"
/* The efivarfs is now mounted, let's read the random seed off it */
(void) efi_take_random_seed();
+
+ /* Cache command-line options passed from EFI variables */
+ if (!skip_setup)
+ (void) cache_efi_options_variable();
}
/* Save the original RLIMIT_NOFILE/RLIMIT_MEMLOCK so that we can reset it later when
projects / thirdparty / systemd.git / commitdiff
