summaryrefslogtreecommitdiff
path: root/src/basic/proc-cmdline.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2020-04-30 10:08:54 +0200
committerLennart Poettering <lennart@poettering.net>2020-04-30 12:12:14 +0200
commit484f4e5b2d62e885998fa3c09ed4d58b6c38f987 (patch)
tree21e342bbde8e4e326402a96d52b5e66f7800f801 /src/basic/proc-cmdline.c
parentf46ba93944aac3f05211e0d630cdf84955eba2d8 (diff)
downloadsystemd-484f4e5b2d62e885998fa3c09ed4d58b6c38f987.tar.gz
efi: honour SYSTEMD_EFI_OPTIONS even if we wouldn't honour SystemdOptions EFI var due to SecureBoot
Fixes: #14864
Diffstat (limited to 'src/basic/proc-cmdline.c')
-rw-r--r--src/basic/proc-cmdline.c16
1 files changed, 2 insertions, 14 deletions
diff --git a/src/basic/proc-cmdline.c b/src/basic/proc-cmdline.c
index 1af58717c6..d3d99d9a7f 100644
--- a/src/basic/proc-cmdline.c
+++ b/src/basic/proc-cmdline.c
@@ -39,18 +39,6 @@ int proc_cmdline(char **ret) {
return read_one_line_file("/proc/cmdline", ret);
}
-/* In SecureBoot mode this is probably not what you want. As your cmdline is
- * cryptographically signed like when using Type #2 EFI Unified Kernel Images
- * (https://systemd.io/BOOT_LOADER_SPECIFICATION/) The user's intention is then
- * that the cmdline should not be modified. You want to make sure that the
- * system starts up as exactly specified in the signed artifact. */
-static int systemd_options_variable(char **line) {
- if (is_efi_secure_boot())
- return -ENODATA;
-
- return systemd_efi_options_variable(line);
-}
-
static int proc_cmdline_extract_first(const char **p, char **ret_word, ProcCmdlineFlags flags) {
const char *q = *p;
int r;
@@ -131,7 +119,7 @@ int proc_cmdline_parse(proc_cmdline_parse_t parse_item, void *data, ProcCmdlineF
/* We parse the EFI variable first, because later settings have higher priority. */
- r = systemd_options_variable(&line);
+ r = systemd_efi_options_variable(&line);
if (r < 0 && r != -ENODATA)
log_debug_errno(r, "Failed to get SystemdOptions EFI variable, ignoring: %m");
@@ -262,7 +250,7 @@ int proc_cmdline_get_key(const char *key, ProcCmdlineFlags flags, char **ret_val
return r;
line = mfree(line);
- r = systemd_options_variable(&line);
+ r = systemd_efi_options_variable(&line);
if (r == -ENODATA)
return false; /* Not found */
if (r < 0)