From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 13 May 2025 09:23:26 +0000 (+0200)
Subject: sd-boot: add support for a sysfail entry (#34856)
X-Git-Tag: v258-rc1~637
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f9d76a8d1596927b52eded4ce7e8bbf512aff551;p=thirdparty%2Fsystemd.git

sd-boot: add support for a sysfail entry (#34856)

Add support for a sysfail boot entry. Sysfail boot entries can be used
for optional tweaking the automatic selection order in case a failure
state of the system in some form is detected (boot firmware failure
etc).

The EFI variable `LoaderEntrySysFail` contains the sysfail boot loader
entry to use. It can be set using bootctl:
```
$ bootctl set-sysfail sysfail.conf
```

The `LoaderEntrySysFail` EFI variable would be unset automatically
during next boot by `systemd-boot-clear-sysfail.service` if no system
failure occured, otherwise it would be kept as it is and a system
failure reason will be saved to `LoaderSysFailReason` EFI variable.

`sysfail_check()` expected to be extented to support possibleconditions
when we should boot sysfail("recovery") boot entry.

Also add support for using a sysfail boot entry in case of UEFI firmware
capsule update failure [1]. The status of a firmware update is obtained
from the EFI System Resource Table (ESRT), which provides an optional
mechanism for identifying device and system firmware resources for the
purposes of targeting firmware updates to those resources.

Current implementation uses the value of LastAttemptStatus field from
ESRT, which describes the result of the last firmware update attempt for
the firmware resource entry. The field is updated each time an
`UpdateCapsule()` is attempted for an ESRT entry and is preserved across
reboots (non-volatile).

This can be be used in setups with support for A/B OTA updates, where
the boot firmware and Linux/RootFS might be updated synchronously.

The check is activated by adding "sysfail-firmware-upd" to loader.conf

[1]
https://uefi.org/specs/UEFI/2.10/23_Firmware_Update_and_Reporting.html
---

f9d76a8d1596927b52eded4ce7e8bbf512aff551