stub: Support global sysext/confext
authorVitaly Kuznetsov <vkuznets@redhat.com>
Mon, 7 Jul 2025 12:25:29 +0000 (14:25 +0200)
committerVitaly Kuznetsov <vkuznets@redhat.com>
Fri, 11 Jul 2025 11:08:15 +0000 (13:08 +0200)
systemd-stub supports loading addons, credentials, and system and configuration
extensions from the ESP. While addons and credentials can be both global and
per-UKI, sysext/confext images are currently only per-UKI.

Add support for loading ESP/loader/credentials/*.{sysext,confext}.raw to
systemd-stub.

Note: for backwards compatibility reasons, per-UKI sysexts can also be
*.raw (not only *.sysext.raw) but as global extensions are new, there's
no need to bring this legacy there.

man/systemd-stub.xml
src/boot/stub.c

index abba8834fba34ac9b05bfb2a226f5990336a0afb..dd709c2949e1661859762e3a3686c6e111697616 100644 (file)
@@ -36,6 +36,8 @@
       <member><filename><replaceable>ESP</replaceable>/.../<replaceable>foo</replaceable>.efi.extra.d/*.confext.raw</filename></member>
       <member><filename><replaceable>ESP</replaceable>/loader/addons/*.addon.efi</filename></member>
       <member><filename><replaceable>ESP</replaceable>/loader/credentials/*.cred</filename></member>
+      <member><filename><replaceable>ESP</replaceable>/loader/extensions/*.sysext.raw</filename></member>
+      <member><filename><replaceable>ESP</replaceable>/loader/extensions/*.confext.raw</filename></member>
     </simplelist></para>
   </refsynopsisdiv>
 
       <listitem><para>Similarly, files
       <filename><replaceable>foo</replaceable>.efi.extra.d/*.sysext.raw</filename> are packed up in a
       <command>cpio</command> archive and placed in the <filename>/.extra/sysext/</filename> directory in the
-      initrd file hierarchy. This is supposed to be used to pass additional system extension images to the
-      initrd. See
+      initrd file hierarchy. This is supposed to be used to pass additional UKI-specific system extension
+      images to the initrd. See
       <citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
       details on system extension images. The generated <command>cpio</command> archive containing these
       system extension images is measured into TPM PCR 13 (if a TPM is present).</para></listitem>
            compatibility reasons with old versions. But we want people to name their system extensions
            properly, hence we document the *.sysext.raw suffix only. -->
 
+      <listitem><para>Similarly, files <filename>/loader/extensions/*.sysext.raw</filename>
+      are packed up in a <command>cpio</command> archive and placed in the <filename>/.extra/global_sysext/</filename>
+      directory in the initrd file hierarchy. This is supposed to be used to pass additional global system
+      extension images to the initrd. See
+      <citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
+      details on system extension images. The generated <command>cpio</command> archive containing these
+      system extension images is measured into TPM PCR 13 (if a TPM is present).</para></listitem>
+
       <listitem><para>Similarly, files
       <filename><replaceable>foo</replaceable>.efi.extra.d/*.confext.raw</filename> are packed up in a
       <command>cpio</command> archive and placed in the <filename>/.extra/confext/</filename> directory in
-      the initrd file hierarchy. This is supposed to be used to pass additional configuration extension
-      images to the initrd. See
+      the initrd file hierarchy. This is supposed to be used to pass additional UKI-specific configuration
+      extension images to the initrd. See
+      <citerefentry><refentrytitle>systemd-confext</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
+      details on configuration extension images. The generated <command>cpio</command> archive containing
+      these configuration extension images is measured into TPM PCR 12 (if a TPM is present).</para></listitem>
+
+      <listitem><para>Similarly, files <filename>/loader/extensions/*.confext.raw</filename>
+      are packed up in a <command>cpio</command> archive and placed in the <filename>/.extra/global_confext/</filename>
+      directory in the initrd file hierarchy. This is supposed to be used to pass additional global configuration
+      extension images to the initrd. See
       <citerefentry><refentrytitle>systemd-confext</refentrytitle><manvolnum>8</manvolnum></citerefentry> for
       details on configuration extension images. The generated <command>cpio</command> archive containing
       these configuration extension images is measured into TPM PCR 12 (if a TPM is present).</para></listitem>
         <xi:include href="version-info.xml" xpointer="v252"/></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><filename>/.extra/global_sysext/*.sysext.raw</filename></term>
+        <listitem><para>Similarly, system extension image files (suffix <literal>.sysext.raw</literal>) that
+        are placed in the <filename>/loader/extensions/</filename> directory in the file system the unified
+        kernel image is placed in are copied into the <filename>/.extra/global_sysext/</filename>
+        directory in the initrd execution environment.</para>
+
+        <xi:include href="version-info.xml" xpointer="v258"/></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><filename>/.extra/confext/*.confext.raw</filename></term>
         <listitem><para>Configuration extension image files (suffix <literal>.confext.raw</literal>) that are
         <xi:include href="version-info.xml" xpointer="v255"/></listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><filename>/.extra/global_confext/*.confext.raw</filename></term>
+        <listitem><para>Similarly, configuration extension image files (suffix <literal>.confext.raw</literal>)
+        that are placed in the <filename>/loader/extensions/</filename> directory in the file system the unified
+        kernel image is placed in are copied into the <filename>/.extra/global_confext/</filename>
+        directory in the initrd execution environment.</para>
+
+        <xi:include href="version-info.xml" xpointer="v258"/></listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><filename>/.extra/tpm2-pcr-signature.json</filename></term>
         <listitem><para>The TPM2 PCR signature JSON object included in the <literal>.pcrsig</literal> PE
index 301d7a1cc9f999ca6f5f106f4abb985341307ace..8354be3583f8e75066b66ab6733ebe26bd592cb1 100644 (file)
@@ -38,7 +38,9 @@ enum {
         INITRD_CREDENTIAL = _INITRD_DYNAMIC_FIRST,
         INITRD_GLOBAL_CREDENTIAL,
         INITRD_SYSEXT,
+        INITRD_GLOBAL_SYSEXT,
         INITRD_CONFEXT,
+        INITRD_GLOBAL_CONFEXT,
         INITRD_PCRSIG,
         INITRD_PCRPKEY,
         INITRD_OSREL,
@@ -869,6 +871,19 @@ static void generate_sidecar_initrds(
                       &m) == EFI_SUCCESS)
                 combine_measured_flag(sysext_measured, m);
 
+        if (pack_cpio(loaded_image,
+                      u"\\loader\\extensions",
+                      u".sysext.raw",
+                      /* exclude_suffix= */ NULL,
+                      ".extra/global_sysext",
+                      /* dir_mode= */ 0555,
+                      /* access_mode= */ 0444,
+                      /* tpm_pcr= */ TPM2_PCR_SYSEXTS,
+                      u"Global system extension initrd",
+                      initrds + INITRD_GLOBAL_SYSEXT,
+                      &m) == EFI_SUCCESS)
+                combine_measured_flag(sysext_measured, m);
+
         if (pack_cpio(loaded_image,
                       /* dropin_dir= */ NULL,
                       u".confext.raw",
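Review bot: The new global-sysext pack_cpio call at the top of this hunk picks up `*.sysext.raw` from `\loader\extensions` on the file system the UKI was loaded from, a FAT volume with no authentication, and the only protection the hunk applies is the PCR 13 measurement (TPM2_PCR_SYSEXTS); nothing here verifies the images, and because that directory is shared by every UKI on the volume, a single stray image changes PCR 13 for all of them. That matches the trust model of the per-UKI `.extra.d` sysexts, but it deserves a comment above the call so the measurement is not mistaken for a check, e.g. `/* Global extensions are not authenticated here: they are only measured into PCR 13 (after the per-UKI ones) and presumably still have to be verified by systemd-sysext in the initrd. */`. The measurement order (per-UKI sysext first, then global) is what anyone precomputing PCR 13 values must reproduce, so it is worth stating in the man page as well. generate_sidecar_initrds() begins before this hunk.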
@@ -881,6 +896,19 @@ static void generate_sidecar_initrds(
                       initrds + INITRD_CONFEXT,
                       &m) == EFI_SUCCESS)
                 combine_measured_flag(confext_measured, m);
+
+        if (pack_cpio(loaded_image,
+                      u"\\loader\\extensions",
+                      u".confext.raw",
+                      /* exclude_suffix= */ NULL,
+                      ".extra/global_confext",
+                      /* dir_mode= */ 0555,
+                      /* access_mode= */ 0444,
+                      /* tpm_pcr= */ TPM2_PCR_KERNEL_CONFIG,
+                      u"Global configuration extension initrd",
+                      initrds + INITRD_GLOBAL_CONFEXT,
+                      &m) == EFI_SUCCESS)
+                combine_measured_flag(confext_measured, m);
 }
 
 static void generate_embedded_initrds(