Boot path querying
16 views
Skip to first unread message
Jan Kiszka
Feb 23, 2018, 10:06:35 AM2/23/18
to efibootguard-dev
Hi all,
for various purposes, including securing the boot process, we identified
the requirement to query the last used boot path from within the booted
system. That would also allow, among other things, to remove the need
for setting a specific rootfs in each ebg environment and rather derive
it from that query inside an initramfs e.g.
Options to provide this feature:
a) add a command line tool that queries all ebg environments to figure
out which one was last booted -> is the exist state space sufficient
to derive that information?
b) pass information which environment (partition?) ebg chose to the
kernel it boots via
b1) pseudo parameter to the kernel -> not nice as that pollutes the
parameter namespace of the kernel binary
b2) via some variable that get resolved when building the kernel
parameter string
Any ideas, comments, suggestions on this?
Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
for various purposes, including securing the boot process, we identified
the requirement to query the last used boot path from within the booted
system. That would also allow, among other things, to remove the need
for setting a specific rootfs in each ebg environment and rather derive
it from that query inside an initramfs e.g.
Options to provide this feature:
a) add a command line tool that queries all ebg environments to figure
out which one was last booted -> is the exist state space sufficient
to derive that information?
b) pass information which environment (partition?) ebg chose to the
kernel it boots via
b1) pseudo parameter to the kernel -> not nice as that pollutes the
parameter namespace of the kernel binary
b2) via some variable that get resolved when building the kernel
parameter string
Any ideas, comments, suggestions on this?
Jan
--
Siemens AG, Corporate Technology, CT RDA IOT SES-DE
Corporate Competence Center Embedded Linux
Andreas Reichel
Feb 26, 2018, 4:57:56 AM2/26/18
to [ext] Jan Kiszka, efibootguard-dev
On Fri, Feb 23, 2018 at 04:06:32PM +0100, [ext] Jan Kiszka wrote:
> Hi all,
>
> for various purposes, including securing the boot process, we identified
> the requirement to query the last used boot path from within the booted
> system. That would also allow, among other things, to remove the need
> for setting a specific rootfs in each ebg environment and rather derive
> it from that query inside an initramfs e.g.
>
> Options to provide this feature:
>
> a) add a command line tool that queries all ebg environments to figure
> out which one was last booted -> is the exist state space sufficient
> to derive that information?
If we modify the output of bg_printenv, the partition can be printed
> Hi all,
>
> for various purposes, including securing the boot process, we identified
> the requirement to query the last used boot path from within the booted
> system. That would also allow, among other things, to remove the need
> for setting a specific rootfs in each ebg environment and rather derive
> it from that query inside an initramfs e.g.
>
> Options to provide this feature:
>
> a) add a command line tool that queries all ebg environments to figure
> out which one was last booted -> is the exist state space sufficient
> to derive that information?
together with the highest revision that is not in progress.
This way, no additional tool would be needed, for example:
Current Revision: 7 (/dev/sda2)
This can easily be retrieved with grep.
>
> b) pass information which environment (partition?) ebg chose to the
> kernel it boots via
This is the environment with the highest revision which is not
> b) pass information which environment (partition?) ebg chose to the
> kernel it boots via
in progress (already solved by a)
> b1) pseudo parameter to the kernel -> not nice as that pollutes the
> parameter namespace of the kernel binary
way it should start with the initrd as root and the parameter
space is not polluted. Later on, the initrd can use pivot_root
system call to move root to the extracted value from
bg_printenv.
However, currently not all systems use initrd... for example we
have none in some yocto builds.
> b2) via some variable that get resolved when building the kernel
> parameter string
>
Andreas
> Any ideas, comments, suggestions on this?
>
> Jan
>
> --
> Siemens AG, Corporate Technology, CT RDA IOT SES-DE
> Corporate Competence Center Embedded Linux
>
> You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to efibootguard-d...@googlegroups.com.
> To post to this group, send email to efibootg...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/17592bad-af66-b7c7-062b-f64723457010%40siemens.com.
> For more options, visit https://groups.google.com/d/optout.
--
Andreas Reichel
Dipl.-Phys. (Univ.)
Software Consultant
Andreas...@tngtech.com, +49-174-3180074
TNG Technology Consulting GmbH, Betastr. 13a, 85774 Unterfoehring
Geschaeftsfuehrer: Henrik Klagges, Dr. Robert Dahlke, Gerhard Mueller
Sitz: Unterfoehring * Amtsgericht Muenchen * HRB 135082
Jan Kiszka
Feb 26, 2018, 5:03:18 AM2/26/18
to Andreas Reichel, efibootguard-dev
On 2018-02-26 10:54, Andreas Reichel wrote:
> On Fri, Feb 23, 2018 at 04:06:32PM +0100, [ext] Jan Kiszka wrote:
>> Hi all,
>>
>> for various purposes, including securing the boot process, we identified
>> the requirement to query the last used boot path from within the booted
>> system. That would also allow, among other things, to remove the need
>> for setting a specific rootfs in each ebg environment and rather derive
>> it from that query inside an initramfs e.g.
>>
>> Options to provide this feature:
>>
>> a) add a command line tool that queries all ebg environments to figure
>> out which one was last booted -> is the exist state space sufficient
>> to derive that information?
> If we modify the output of bg_printenv, the partition can be printed
> together with the highest revision that is not in progress.
> This way, no additional tool would be needed, for example:
>
> Current Revision: 7 (/dev/sda2)
>
> This can easily be retrieved with grep.
If we already extend the tool, then we should also provide a directly
> On Fri, Feb 23, 2018 at 04:06:32PM +0100, [ext] Jan Kiszka wrote:
>> Hi all,
>>
>> for various purposes, including securing the boot process, we identified
>> the requirement to query the last used boot path from within the booted
>> system. That would also allow, among other things, to remove the need
>> for setting a specific rootfs in each ebg environment and rather derive
>> it from that query inside an initramfs e.g.
>>
>> Options to provide this feature:
>>
>> a) add a command line tool that queries all ebg environments to figure
>> out which one was last booted -> is the exist state space sufficient
>> to derive that information?
> If we modify the output of bg_printenv, the partition can be printed
> together with the highest revision that is not in progress.
> This way, no additional tool would be needed, for example:
>
> Current Revision: 7 (/dev/sda2)
>
> This can easily be retrieved with grep.
machine-readable output option.
Jan
Reply all
Reply to author
Forward
0 new messages