boot: don't pass kernel cmdline option to UKIs which have the very same line built-in

There's really no point in first extracting a command line from an UKI
to just pass it unmodified to the UKI. In particular as this is
systematically ignored in SecureBoot is enabled.

Let's drop this, so that unless the user actually edits the cmdline we
pass nothing to the invoked kernel.

Note that this low-key is a compat break, since the passed cmdline gets
measured. However, in the interest of minimized the difference between
systems with and without sd-boot to behave the same i think we should
suppress the command line anyway.

diff --git a/src/boot/efi/boot.c b/src/boot/efi/boot.c
index 3704ee684697e9c683e0c4bdc4ca696df74e1668..83cdd87afc15ee05efad255250973fe19f97f1b0 100644 (file)
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@@ -56,6 +56,7 @@ typedef struct {
         char16_t *loader;
         char16_t *devicetree;
         char16_t *options;
+        bool options_implied; /* If true, these options are implied if we invoke the PE binary without any parameters (as in: UKI). If false we must specify these options explicitly. */
         char16_t **initrd;
         char16_t key;
         EFI_STATUS (*call)(void);
@@ -942,6 +943,10 @@ static bool menu_run(
                         print_at(1, y_status, COLOR_EDIT, clearline + 2);
                         exit = line_edit(&config->entries[idx_highlight]->options, x_max - 2, y_status);
                         print_at(1, y_status, COLOR_NORMAL, clearline + 2);
+
+                        /* The options string was now edited, hence we have to pass it to the invoked
+                         * binary. */
+                        config->entries[idx_highlight]->options_implied = false;
                         break;
 
                 case KEYPRESS(0, 0, 'v'):
@@ -2248,6 +2253,7 @@ static void config_entry_add_unified(
                 if (err == EFI_SUCCESS) {
                         entry->options = xstrn8_to_16(content, cmdline_len);
                         mangle_stub_cmdline(entry->options);
+                        entry->options_implied = true;
                 }
         }
 }
@@ -2398,7 +2404,10 @@ static EFI_STATUS image_start(
         if (err != EFI_SUCCESS)
                 return log_error_status(err, "Error getting LoadedImageProtocol handle: %m");
 
-        char16_t *options = options_initrd ?: entry->options;
+        /* If we had to append an initrd= entry to the command line, we have to pass it, and measure
+         * it. Otherwise, only pass/measure it if it is not implicit anyway (i.e. embedded into the UKI or
+         * so). */
+        char16_t *options = options_initrd ?: entry->options_implied ? NULL : entry->options;
         if (options) {
                 loaded_image->LoadOptions = options;
                 loaded_image->LoadOptionsSize = strsize16(options);