[systemd-devel] Passing Kernel Params from systemd-boot for Secure Boot UKI

Mikko Rapeli mikko.rapeli at linaro.org
Tue Oct 8 07:37:11 UTC 2024 

Hi,

On Tue, Oct 08, 2024 at 09:22:05AM +0200, Lennart Poettering wrote:
> On Mo, 07.10.24 13:54, Mah, Yock Gen (yock.gen.mah at intel.com) wrote:
> 
> > My Mariner OS is built with following features:
> >
> > 1, Unified Kernel Image (kernel+initrd+cmdline)
> > 2. Systemd-boot as boot loader
> > 3. Secure Boot enabled
> > 4. Multi boot
> >
> > Systemd-boot config files looks like below
> >
> > ```
> > root at YockgenOS [ ~ ]# cat /boot/efi/loader/entries/sos1.conf
> > Title   Yockgen OS1 UKI
> > efi     /EFI/Linux/linux-6.1.0-0.efi.signed
> > options root=PARTUUID=xxxxx-xxxx-xxxxa ro quiet yockgen=1
> > ```
> > ```
> > root at YockgenOS [ ~ ]# cat /boot/efi/loader/entries/sos2.conf
> > Title   Yockgen OS2 UKI
> > efi     /EFI/Linux/linux-6.1.0-1.efi.signed
> > options root=PARTUUID=xxxxx-xxxx-xxxxa  ro quiet yockgen=2
> > ```
> >
> > With Secure Boot enabled, the /proc/cmdline is no longer overwritten by the systemd-boot configuration. The cmdline is shown those params during UKI built time.
> >
> > Runtime logs as below:
> >
> > ```
> > root at YockgenOS [ ~ ]# cat /proc/cmdline
> > BOOT_IMAGE=/boot/vmlinuz-6.6.43-1.cm2       rd.auto=1 root=PARTUUID=21f13e53-110f-4be5-b18a-fed745cacc87 init=/lib/systemd/systemd ro loglevel=3 no-vmw-sta crashkernel=256M lockdown=integrity lockdown=integrity sysctl.kernel.unprivileged_bpf_disabled=1 net.ifnames=0 plymouth.enable=0 systemd.legacy_systemd_cgroup_controller=yes systemd.unified_cgroup_hierarchy=0
> >
> > root at YockgenOS [ ~ ]# cat /boot/efi/loader/entries/sos1.conf
> > Title   Yockgen OS1 UKI
> > efi     /EFI/Linux/linux-6.1.0-0.efi.signed
> > options root=PARTUUID=xxxxx-xxxx-xxxxa  ro quiet yockgen=1
> >
> >
> > root at YockgenOS [ ~ ]# cat /boot/efi/loader/entries/sos2.conf
> > Title   Yockgen OS2 UKI
> > efi     /EFI/Linux/linux-6.1.0-1.efi.signed
> > options root=PARTUUID=xxxxx-xxxx-xxxxa  ro quiet yockgen=2
> > ```
> > I couldn't hardcode the 'yockgen' parameter during the build process, as its value depends on the runtime environment. This value needs to be assessed by a custom Dracut module during the initrd stage to mount specific devices.
> >
> > What could be the possible solution for this?
> >
> > Thanks a lot, of any guidance!
> 
> You have the following options:
> 
> 1. You encode the full set of cmdline choices in the UKI. Starting
>    with the upcoming v257 we support "multi-profile" UKIs, that
>    basically allow you to encode multiple different but fixed choices,
>    so that one UKI can synthesize multiple menu entries in sd-boot.
> 
> 2. You use PE "addons" for the kernel cmdline. Which are PE binaries
>    that resemble UKIs in structure, but do not contain any code
>    (i.e. no real PE stub, and no .linux section). They can be
>    SecureBoot signed like any other PE binary, which is how they are
>    authenticated. You can drop them as "side-car" next to your UKI and
>    their contents will be combined/override the relevant sections in
>    the main UKI. This is already available in released systemd
>    versions. See sd-stub man page for details.

I'll add the obvious 3rd option:

Detect the needed configuration at bootloader, kernel or initrd runtime
based on data available on the device. Information can be in devicetree,
ACPI tables or HW buses which can be scanned.

Bootloader, kernel and initrd can do quite complex setup tasks.

For UEFI secure and TPM based measured boot, kernel command line
needs to be static inside the signed and measured binaries.

Cheers,

-Mikko

More information about the systemd-devel mailing list