[systemd-devel] Prevent firmware from falling back to next EFI boot option on secure boot failure?

Lennart Poettering lennart at poettering.net
Wed Nov 23 16:04:38 UTC 2022


On Wed, 23.11.22 10:22, Daniel Harms (jdharms at gmail.com) wrote:

> Hello,
>
> We are doing some experiments with booting self-signed Unified Kernel
> Images (UKIs) using systemd-boot.  Our eventual use-case is edge/IoT
> devices, so no interactive user will be present for most OS upgrade
> flows.
>
> In doing some testing on the boot option fallback features (in a
> vmware vm) we’ve run into a snag—when we set up an unsigned UKI as the
> first option and a properly signed UKI as the second option,
> systemd-boot appears to attempt to boot the unsigned one (as
> expected), the system reports a security violation, but then the
> firmware kicks us to the next boot option.

Hmm, are you sure this is the firmware? Normally a security violation
should just be returned as an error to sd-boot, and sd-boot should be
able to pick the next option then. Not entirely sure this works
correctly though. There might be a bug lurking somewhere.

It's simply not a case we regularly test for. But it should be a case
that just works.

Lennart

--
Lennart Poettering, Berlin

