boot: explain why we refuse to edit kernel cmdline when we do so

(cherry picked from commit c4d281fa1a)
2025-01-06 13:17:44 +03:00 · 2023-08-21 22:56:07 +02:00 · 2023-08-21 22:56:07 +02:00 · 5f09b13339
commit 5f09b13339
parent bec4bb92e2
1 changed files with 7 additions and 3 deletions
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@ -918,17 +918,21 @@ static bool menu_run(
                case KEYPRESS(0, 0, 'e'):
                case KEYPRESS(0, 0, 'E'):
                        /* only the options of configured entries can be edited */
-                        if (!config->editor || !IN_SET(config->entries[idx_highlight]->type,
-                            LOADER_EFI, LOADER_LINUX, LOADER_UNIFIED_LINUX))
+                        if (!config->editor ||
+                            !IN_SET(config->entries[idx_highlight]->type, LOADER_EFI, LOADER_LINUX, LOADER_UNIFIED_LINUX)) {
+                                status = xstrdup16(u"Entry does not support editing the command line.");
                                break;
+                        }

                        /* Unified kernels that are signed as a whole will not accept command line options
                         * when secure boot is enabled unless there is none embedded in the image. Do not try
                         * to pretend we can edit it to only have it be ignored. */
                        if (config->entries[idx_highlight]->type == LOADER_UNIFIED_LINUX &&
                            secure_boot_enabled() &&
-                            config->entries[idx_highlight]->options)
+                            config->entries[idx_highlight]->options) {
+                                status = xstrdup16(u"Entry not editable in SecureBoot mode.");
                                break;
+                        }

                        /* The edit line may end up on the last line of the screen. And even though we're
                         * not telling the firmware to advance the line, it still does in this one case,