Disable reading SystemdOptions EFI Var when in SecureBoot mode
author Arian van Putten <arian.vanputten@gmail.com>
Wed, 15 Jan 2020 16:10:11 +0000 (17:10 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 5 Feb 2020 13:41:58 +0000 (14:41 +0100)
commit 84c048799a78a121c0536bf947b02c99093d3bfc
tree 16e1966ef578863ba5349d6452676bf7091b8cfa
parent 4c2d72b53091ed8d8e362dca052e5b9fa8325d96
Disable reading SystemdOptions EFI Var when in SecureBoot mode

In SecureBoot mode this is probably not what you want. As your cmdline
is cryptographically signed, like when using Type #2 EFI Unified Kernel
Images (https://systemd.io/BOOT_LOADER_SPECIFICATION/), the user's
intention is then that the cmdline should not be modified. You want to
make sure that the system starts up exactly as specified in the signed
artifact.

(cherry picked from commit c7d26acce6dcb0e72be6160873fac758e9b7c440)
src/basic/efivars.c
src/basic/efivars.h
src/basic/proc-cmdline.c
src/shared/efi-loader.c
src/shared/efi-loader.h