[EBG] Update Unified Kernel - Boot Handler and Kernel args

[Javier]

Hi all,

I would like to know if the Unified Kernel from EFI Boot Guard can read from the Kernel boot args to determine which RFS to boot.

https://github.com/siemens/efibootguard/blob/master/docs/UNIFIED-KERNEL.md

I am currently using the Bootloader handler from SWUpdate to configure the Kernel arguments needed for booting. However, I would like to use the Unified Kernel with some of these kernel arguments, but I would like to leave the RFS empty. This way, I can create a common kernel image for RFS A and B, and continue configuring which RFS to boot from the Bootloader handler.

However, it seems that the kernel arguments from the Unified Kernel cannot be merged with kernelargs from the Bootloader handler.

https://github.com/siemens/efibootguard/blob/master/docs/UNIFIED-KERNEL.md?plain=1#L29

Is there any way to make the Unified Kernel arguments configurable, or should I create two different artifacts, one for Kernel A and another for Kernel B?

Best regards,

Javier

[Storm, Christian]

Hi Javier,

The UKI arguments should remain static by design: Consider a Secure Boot scenario, there you wouldn't want to leak in (insecure) Kernel command line flags, hence they're build-time static. That's also the reason for the initrd being baked into the UKI which is in fact one of the drivers of having "invented" UKIs. So while technically you could, you shouldn't :)

The way to go here is to create two Kernel artifacts (one for A, one for B) and let that Kernel determine its root filesystem by other means than Kernel command line flags.

Kind regards,
Christian

--
Dr. Christian Storm
Siemens AG, Technology, T CED OES-DE
Otto-Hahn-Ring 6, 81739 Munich, Germany

[Javier]

Hi Christian,

Totally clear.

Thank you for the answer,

Javier