Passing Kernel Params from systemd-boot for Secure Boot UKI

My Mariner OS is built with following features:

 

1, Unified Kernel Image (kernel+initrd+cmdline)

2. Systemd-boot as boot loader

3. Secure Boot enabled

4. Multi boot

 

Systemd-boot config files looks like below 

 

```

root@YockgenOS [ ~ ]# cat /boot/efi/loader/entries/sos1.conf

Title   Yockgen OS1 UKI

efi     /EFI/Linux/linux-6.1.0-0.efi.signed

options root=PARTUUID=xxxxx-xxxx-xxxxa ro quiet yockgen=1

```

```

root@YockgenOS [ ~ ]# cat /boot/efi/loader/entries/sos2.conf

Title   Yockgen OS2 UKI

efi     /EFI/Linux/linux-6.1.0-1.efi.signed

options root=PARTUUID=xxxxx-xxxx-xxxxa  ro quiet yockgen=2

```

 

With Secure Boot enabled, the /proc/cmdline is no longer overwritten by the systemd-boot configuration. The cmdline is shown those params during UKI built time.

 

Runtime logs as below:

 

```

root@YockgenOS [ ~ ]# cat /proc/cmdline

BOOT_IMAGE=/boot/vmlinuz-6.6.43-1.cm2       rd.auto=1 root=PARTUUID=21f13e53-110f-4be5-b18a-fed745cacc87 init=/lib/systemd/systemd ro loglevel=3 no-vmw-sta crashkernel=256M lockdown=integrity lockdown=integrity sysctl.kernel.unprivileged_bpf_disabled=1 net.ifnames=0 plymouth.enable=0 systemd.legacy_systemd_cgroup_controller=yes systemd.unified_cgroup_hierarchy=0

 

root@YockgenOS [ ~ ]# cat /boot/efi/loader/entries/sos1.conf

Title   Yockgen OS1 UKI

efi     /EFI/Linux/linux-6.1.0-0.efi.signed

options root=PARTUUID=xxxxx-xxxx-xxxxa  ro quiet yockgen=1

 

 

root@YockgenOS [ ~ ]# cat /boot/efi/loader/entries/sos2.conf

Title   Yockgen OS2 UKI

efi     /EFI/Linux/linux-6.1.0-1.efi.signed

options root=PARTUUID=xxxxx-xxxx-xxxxa  ro quiet yockgen=2

```

I couldn't hardcode the 'yockgen' parameter during the build process, as its value depends on the runtime environment. This value needs to be assessed by a custom Dracut module during the initrd stage to mount specific devices.

 

What could be the possible solution for this?

 

Thanks a lot, of any guidance!