]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5c1a9ef) | patch
Disable reading SystemdOptions EFI Var when in SecureBoot mode
authorArian van Putten <arian.vanputten@gmail.com>
Wed, 15 Jan 2020 16:10:11 +0000 (17:10 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 16 Jan 2020 17:46:56 +0000 (18:46 +0100)
commitc7d26acce6dcb0e72be6160873fac758e9b7c440
tree5a9c558641c40884b6a03d591fa4027f255d6584tree | snapshot
parent5c1a9ef08842e555d07d50cd495204a53bb96c37commit | diff
Disable reading SystemdOptions EFI Var when in SecureBoot mode

In SecureBoot mode this is probably not what you want. As your cmdline
is cryptographically signed like when using Type #2 EFI Unified Kernel
Images (https://systemd.io/BOOT_LOADER_SPECIFICATION/) The user's
intention is then that the cmdline should not be modified.  You want to
make sure that the system starts up as exactly specified in the signed
artifact.
src/basic/efivars.c diff | blob | blame | history
src/basic/efivars.h diff | blob | blame | history
src/basic/proc-cmdline.c diff | blob | blame | history
src/shared/efi-loader.c diff | blob | blame | history
src/shared/efi-loader.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.