From 7f2b6a50d3c47da8a697f50c0bc191902ebec069 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 17 Sep 2020 17:32:34 +0200
Subject: [PATCH] dissect: always invalidate secondary arch partitions if we
 found primary arch

Let's suppress the secondary arch data, since we never ever want to
mount it if we found the primary arch.

Previously we only suppressed in the Verity case, but there's little
reason to entertain the idea of a secondary arch in non-Verity
environments either, we are not going to use them, and should not do
decryption or anything like that.

(cherry picked from commit 74cb2db9f403dfe17cabc6dac48b0f49a84eb03f)
(cherry picked from commit 418cf0e78c067f7249f4769f78c8c199d907935f)
---
 src/shared/dissect-image.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 2504f18f9a..ed7018f57e 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -764,7 +764,12 @@ int dissect_image(
                 }
         }
 
-        if (!m->partitions[PARTITION_ROOT].found) {
+        if (m->partitions[PARTITION_ROOT].found) {
+                /* If we found the primary arch, then invalidate the secondary arch to avoid any ambiguities,
+                 * since we never want to mount the secondary arch in this case. */
+                m->partitions[PARTITION_ROOT_SECONDARY].found = false;
+                m->partitions[PARTITION_ROOT_SECONDARY_VERITY].found = false;
+        } else {
                 /* No root partition found? Then let's see if ther's one for the secondary architecture. And if not
                  * either, then check if there's a single generic one, and use that. */
 
@@ -809,12 +814,6 @@ int dissect_image(
                 if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found)
                         return -EADDRNOTAVAIL;
 
-                /* If we found the primary root with the hash, then we definitely want to suppress any secondary root
-                 * (which would be weird, after all the root hash should only be assigned to one pair of
-                 * partitions... */
-                m->partitions[PARTITION_ROOT_SECONDARY].found = false;
-                m->partitions[PARTITION_ROOT_SECONDARY_VERITY].found = false;
-
                 /* If we found a verity setup, then the root partition is necessarily read-only. */
                 m->partitions[PARTITION_ROOT].rw = false;
 
-- 
2.25.1