From 54c84c8a7a95f73af3a1cd5f53e49abc79244b3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 26 Nov 2022 14:31:57 +0100 Subject: ukify: allow multiple initrds If given, multiple initrds are concatenated into a temporary file which then becomes the .initrd section. It is also possible to give no initrd. After all, some machines boot without an initrd, and it should be possible to use the stub without requiring an initrd. (The stub might not like this, but this is something to fix there.) --- man/ukify.xml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'man/ukify.xml') diff --git a/man/ukify.xml b/man/ukify.xml index 3cc13a4cba..17546d543d 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -24,7 +24,7 @@ /usr/lib/systemd/ukify LINUX - INITRD + INITRD OPTIONS @@ -78,8 +78,10 @@ Options - Note that the LINUX and INITRD positional - arguments are mandatory. + Note that the LINUX positional argument is mandatory. The + INITRD positional arguments are optional. If more than one is specified, they + will all be combined into a single PE section. This is useful to for example prepend microcode before the + actual initrd. The following options are understood: @@ -268,6 +270,7 @@ /usr/lib/systemd/ukify \ /lib/modules/6.0.9-300.fc37.x86_64/vmlinuz \ + early_cpio \ /some/path/initramfs-6.0.9-300.fc37.x86_64.img \ --pcr-private-key=pcr-private-initrd-key.pem \ --pcr-public-key=pcr-public-initrd-key.pem \ @@ -284,6 +287,8 @@ This creates a signed UKI ./vmlinuz.signed.efi. + The initrd section contains two concatenated parts, early_cpio + and initramfs-6.0.9-300.fc37.x86_64.img. The policy embedded in the .pcrsig section will be signed for the initrd (the enter-initrd phase) with the key pcr-private-initrd-key.pem, and for the main system (phases -- cgit v1.2.1