Thanks! I did below: ukify build --secureboot-private-key=../../db.key --secureboot-certificate=../../db.crt --cmdline='yockgenxxxx' --sbat='sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md uki-addon.author,1,UKI Addon for System,uki-addon.author,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.html' --output= linux-9-9.addon.efi And, my UI and addon stored on below: root@TiberOS [ /boot/efi/EFI/Linux ]# ls linux-9-9.addon.efi linux-9-9.efi However, when I booted it, and check the cmdline, doesn't seems like the new "yockgenxxxx" has been added? Log as below: root@TiberOS [ /boot/efi/EFI/Linux ]# cat /proc/cmdline BOOT_IMAGE=/boot/vmlinuz-6.6.43-1.cm2 rd.auto=1 root=PARTUUID=xxxxxx-fed745cacc87 init=/lib/systemd/systemd ro loglevel=3 no-vmw-sta crashkernel=256M lockdown=integrity lockdown=integrity sysctl.kernel.unprivileged_bpf_disabled=1 net.ifnames=0 plymouth.enable=0 systemd.legacy_systemd_cgroup_controller=yes systemd.unified_cgroup_hierarchy=0 Am I doing it right? I'm first timer on this, really appreciate your guidance on it. Thanks! -----Original Message----- From: Lennart Poettering <lennart@xxxxxxxxxxxxxx> Sent: Tuesday, October 8, 2024 9:39 PM To: Mah, Yock Gen <yock.gen.mah@xxxxxxxxx> Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Passing Kernel Params from systemd-boot for Secure Boot UKI On Di, 08.10.24 12:37, Mah, Yock Gen (yock.gen.mah@xxxxxxxxx) wrote: > Really appreciate! I tried to create an PE "addon" using below: > > echo "yockgen=b" > cmdline.txt > > objcopy --input binary --output efi-app-x86_64 cmdline.txt > bootdm_b.addon.efi This doesn't look right. You must insert the cmdline in the ".cmdline" PE section, of course. As mentioned, addons follow the same structure as UKIs after all. We generally recommend using ukify for generating UKIs and PE addons. The man page even has an example doing exactly what you need to do: https://github.com/systemd/systemd/blob/main/man/ukify.xml#L674 Lennart -- Lennart Poettering, Berlin
Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
- From: "Mah, Yock Gen" <yock.gen.mah@xxxxxxxxx>
- Date: Tue, 8 Oct 2024 14:25:18 +0000
- Accept-language: en-US
- Cc: "systemd-devel@xxxxxxxxxxxxxxxxxxxxx" <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <ZwU2CQH8K14esqNt@gardel-login>
- References: <SJ2PR11MB7645FB4F085CF16A839E28A2D97D2@SJ2PR11MB7645.namprd11.prod.outlook.com> <ZwTdnRJX6VVy3cpW@gardel-login> <SJ2PR11MB76456C57B4920705114CBC73D97E2@SJ2PR11MB7645.namprd11.prod.outlook.com> <ZwU2CQH8K14esqNt@gardel-login>
- Follow-Ups:
- Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
- From: Lennart Poettering
- Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
- References:
- Passing Kernel Params from systemd-boot for Secure Boot UKI
- From: Mah, Yock Gen
- Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
- From: Lennart Poettering
- Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
- From: Mah, Yock Gen
- Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
- From: Lennart Poettering
- Passing Kernel Params from systemd-boot for Secure Boot UKI
- Prev by Date: Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
- Next by Date: Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
- Previous by thread: Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
- Next by thread: Re: Passing Kernel Params from systemd-boot for Secure Boot UKI
- Index(es):
 |