Re: Passing Kernel Params from systemd-boot for Secure Boot UKI

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Di, 08.10.24 14:25, Mah, Yock Gen (yock.gen.mah@xxxxxxxxx) wrote:

> Thanks! I did below:
> ukify build --secureboot-private-key=../../db.key --secureboot-certificate=../../db.crt --cmdline='yockgenxxxx' --sbat='sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md uki-addon.author,1,UKI Addon for System,uki-addon.author,1,https://www.freedesktop.org/software/systemd/man/systemd-stub.html' --output= linux-9-9.addon.efi
>
> And, my UI and addon stored on below:
> root@TiberOS [ /boot/efi/EFI/Linux ]# ls
> linux-9-9.addon.efi  linux-9-9.efi
>
>
> However, when I booted it, and check the cmdline, doesn't seems like the new "yockgenxxxx" has been added? Log as below:
> root@TiberOS [ /boot/efi/EFI/Linux ]# cat /proc/cmdline
> BOOT_IMAGE=/boot/vmlinuz-6.6.43-1.cm2       rd.auto=1 root=PARTUUID=xxxxxx-fed745cacc87 init=/lib/systemd/systemd ro loglevel=3 no-vmw-sta crashkernel=256M lockdown=integrity lockdown=integrity sysctl.kernel.unprivileged_bpf_disabled=1 net.ifnames=0 plymouth.enable=0 systemd.legacy_systemd_cgroup_controller=yes systemd.unified_cgroup_hierarchy=0
>
>
> Am I doing it right? I'm first timer on this, really appreciate your guidance on it.

Please consult the systemd-stub documentation.

For an UKI /EFI/Linux/foobar.efi in the ESP any addons must be placed in /EFI/Linux/foobar.efi.extra.d/waldo.addon.efi

i.e. the ….extra.d/ subdir is where to place things.

Also make sure your systemd-stub is new enough. i.e. at least v254,
better newer.

Lennart

--
Lennart Poettering, Berlin
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux