author | Lennart Poettering <lennart@poettering.net> | 2020-04-30 10:08:54 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2020-04-30 12:12:14 +0200 |
commit | 484f4e5b2d62e885998fa3c09ed4d58b6c38f987 (patch) | |
tree | 21e342bbde8e4e326402a96d52b5e66f7800f801 /src/basic/proc-cmdline.c | |
parent | f46ba93944aac3f05211e0d630cdf84955eba2d8 (diff) | |
download | systemd-484f4e5b2d62e885998fa3c09ed4d58b6c38f987.tar.gz |
efi: honour SYSTEMD_EFI_OPTIONS even if we wouldn't honour SystemdOptions EFI var due to SecureBoot
Fixes: #14864
Diffstat (limited to 'src/basic/proc-cmdline.c')
-rw-r--r-- | src/basic/proc-cmdline.c | 16 |
1 files changed, 2 insertions, 14 deletions
diff --git a/src/basic/proc-cmdline.c b/src/basic/proc-cmdline.c
index 1af58717c6..d3d99d9a7f 100644
--- a/src/basic/proc-cmdline.c
+++ b/src/basic/proc-cmdline.c
@@ -39,18 +39,6 @@ int proc_cmdline(char **ret) {
 return read_one_line_file("/proc/cmdline", ret);
 }
-/* In SecureBoot mode this is probably not what you want. As your cmdline is
- * cryptographically signed like when using Type #2 EFI Unified Kernel Images
- * (https://systemd.io/BOOT_LOADER_SPECIFICATION/) The user's intention is then
- * that the cmdline should not be modified. You want to make sure that the
- * system starts up as exactly specified in the signed artifact. */
-static int systemd_options_variable(char **line) {
- if (is_efi_secure_boot())
- return -ENODATA;
-
- return systemd_efi_options_variable(line);
-}
-
 static int proc_cmdline_extract_first(const char **p, char **ret_word, ProcCmdlineFlags flags) {
 const char *q = *p;
 int r;
@@ -131,7 +119,7 @@ int proc_cmdline_parse(proc_cmdline_parse_t parse_item, void *data, ProcCmdlineF
 /* We parse the EFI variable first, because later settings have higher priority. */
- r = systemd_options_variable(&line);
+ r = systemd_efi_options_variable(&line);
 if (r < 0 && r != -ENODATA)
 log_debug_errno(r, "Failed to get SystemdOptions EFI variable, ignoring: %m");
@@ -262,7 +250,7 @@ int proc_cmdline_get_key(const char *key, ProcCmdlineFlags flags, char **ret_val
 return r;
 line = mfree(line);
- r = systemd_options_variable(&line);
+ r = systemd_efi_options_variable(&line);
 if (r == -ENODATA)
 return false; /* Not found */
 if (r < 0) |
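Review bot: The SecureBoot gate is no longer visible at the call in proc_cmdline_parse, nor at the identical call in proc_cmdline_get_key in the last hunk. Whether an unsigned SystemdOptions EFI variable can still extend a signed kernel command line now depends entirely on systemd_efi_options_variable(), which this file-limited diff does not show. The deleted comment was the only place in this file that explained why the variable is refused under SecureBoot, so once the callee's behaviour is confirmed I would keep one line at the first call, e.g. `/* systemd_efi_options_variable() refuses the EFI variable under SecureBoot; only $SYSTEMD_EFI_OPTIONS is honoured then */`. The debug message on the error path still names only the "SystemdOptions EFI variable", although going by the commit title the value may now come from the environment instead. Both function bodies start and end outside the hunks.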