On Wed, 23.11.22 10:22, Daniel Harms (jdharms@xxxxxxxxx) wrote:

> Hello,
>
> We are doing some experiments with booting self-signed Unified Kernel
> Images (UKIs) using systemd-boot. Our eventual use-case is edge/IoT
> devices, so no interactive user will be present for most OS upgrade
> flows.
>
> In doing some testing on the boot option fallback features (in a
> vmware vm) we’ve run into a snag—when we set up an unsigned UKI as the
> first option and a properly signed UKI as the second option,
> systemd-boot appears to attempt to boot the unsigned one (as
> expected), the system reports a security violation, but then the
> firmware kicks us to the next boot option.

Hmm, are you sure this is the firmware? Normally a security violation
should just be returned as an error to sd-boot, and sd-boot should be
able to pick the next option then.

Not entirely sure this works correctly though. There might be a bug
lurking somewhere. It's simply not a case we regularly test for. But it
should be a case that just works.

Lennart

--
Lennart Poettering, Berlin