system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-10-07 08:40:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
systemd/mkosi.presets
History
Luca Boccassi 05c9f9c251 stub: allow loading and verifying cmdline addons 
Files placed in /EFI/Linux/UKI.efi.extra.d/ and /loader/addons/ are
opened and verified using the LoadImage protocol, and will thus get
verified via shim/firmware.
If they are valid signed PE files, the .cmdline section will be
extracted and appended. If there are multiple addons in each directory,
they will be parsed in alphanumerical order.

Optionally the .uname sections are also matched if present, so
that they can be used to filter out addons as well if needed, and only
addons that correspond exactly to the UKI being loaded are used.
It is recommended to also always add a .sbat section to addons, so
that they can be mass-revoked with just a policy update.

The files must have a .addon.efi suffix.

Files in the per-UKI directory are parsed, sorted, measured and
appended first. Then, files in the generic directory are processed.
2023-05-24 15:02:36 +01:00
..
00-base stub: allow loading and verifying cmdline addons 2023-05-24 15:02:36 +01:00
10-initrd mkosi: Package a erofs usr partition with signed verity 2023-05-13 10:49:17 +02:00
20-final stub: allow loading and verifying cmdline addons 2023-05-24 15:02:36 +01:00