Override boot assessment services for UKI (#1149)
Itxaka authored Nov 25, 2024
1 parent 3a5c283 commit 1ae9254
Showing 2 changed files with 34 additions and 1 deletion.
2 changes: 1 addition & 1 deletion packages/static/kairos-overlay-files/collection.yaml
@@ -1,4 +1,4 @@
packages:
- name: "kairos-overlay-files"
category: "static"
version: "1.5.1"
version: "1.6.0"
@@ -0,0 +1,33 @@
name: "Enable EFI assessment"
stages:
initramfs:
- name: "Override systemd-boot services to enable RW on /efi partition"
if: '([ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ]) && [ -e "/run/cos/uki_boot_mode" ]'
files:
- path: /etc/systemd/system/systemd-bless-boot.service.d/override.conf
permissions: 0644
owner: 0
group: 0
content: |
[Service]
# Allow RW on /efi partition
ExecStartPre=mount -o remount,rw /efi
# Remove the assessment suffix from loader.conf if any
ExecStartPost=sed -i -E 's/(default\s+)*\+[0-9]+(-[0-9]+)?(\.conf)/\1\3/' /efi/loader/loader.conf
# Revert back to RO on /efi partition
ExecStartPost=mount -o remount,ro /efi
- path: /etc/systemd/system/systemd-boot-random-seed.service.d/override.conf
permissions: 0644
owner: 0
group: 0
content: |
[Service]
# Allow RW on /efi partition
ExecStartPre=mount -o remount,rw /efi
# Revert back to RO on /efi partition
ExecStartPost=mount -o remount,ro /efi
- name: "Enable boot assessment"
if: '([ -e "/sbin/systemctl" ] || [ -e "/usr/bin/systemctl" ] || [ -e "/usr/sbin/systemctl" ]) && [ -e "/run/cos/uki_boot_mode" ]'
systemctl:
enable:
- name: "systemd-bless-boot"
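Review bot: In both override.conf drop-ins the read-only remount of /efi is an `ExecStartPost=` line, and systemd skips the remaining start commands once one of them fails, so a failing `sed` (for example when /efi/loader/loader.conf is missing) or a failing main command would leave the ESP mounted read-write. Mark the best-effort step as `ExecStartPost=-sed …` and add `ExecStopPost=mount -o remount,ro /efi` as a fallback, since ExecStopPost= commands also run when the service failed to start. Separately, in the sed expression the group `(default\s+)*` has to sit directly before the `+`, so with an entry name in between it matches nothing and the substitution applies to any line containing `+N.conf`; anchoring it as `s/^(default\s+.*)\+[0-9]+(-[0-9]+)?(\.conf)/\1\3/` would limit it to the default line. The first `if:` also lists `/usr/bin/systemctl` twice.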
