boot: don't pass kernel cmdline option to UKIs which have the very same line built-in

There's really no point in first extracting a command line from an UKI to just pass it unmodified to the UKI. In particular as this is systematically ignored in SecureBoot is enabled. Let's drop this, so that unless the user actually edits the cmdline we pass nothing to the invoked kernel. Note that this low-key is a compat break, since the passed cmdline gets measured. However, in the interest of minimized the difference between systems with and without sd-boot to behave the same i think we should suppress the command line anyway.
2025-02-25 21:57:32 +03:00 · 2023-08-21 18:18:41 +02:00 · 2023-08-21 18:18:41 +02:00 · 73f0eedf9b
commit 73f0eedf9b
parent 23cbe90d7d
1 changed files with 10 additions and 1 deletions
--- a/src/boot/efi/boot.c
+++ b/src/boot/efi/boot.c
@ -56,6 +56,7 @@ typedef struct {
        char16_t *loader;
        char16_t *devicetree;
        char16_t *options;
+        bool options_implied; /* If true, these options are implied if we invoke the PE binary without any parameters (as in: UKI). If false we must specify these options explicitly. */
        char16_t **initrd;
        char16_t key;
        EFI_STATUS (*call)(void);
@ -942,6 +943,10 @@ static bool menu_run(
                        print_at(1, y_status, COLOR_EDIT, clearline + 2);
                        exit = line_edit(&config->entries[idx_highlight]->options, x_max - 2, y_status);
                        print_at(1, y_status, COLOR_NORMAL, clearline + 2);
+
+                        /* The options string was now edited, hence we have to pass it to the invoked
+                         * binary. */
+                        config->entries[idx_highlight]->options_implied = false;
                        break;

                case KEYPRESS(0, 0, 'v'):
@ -2248,6 +2253,7 @@ static void config_entry_add_unified(
                if (err == EFI_SUCCESS) {
                        entry->options = xstrn8_to_16(content, cmdline_len);
                        mangle_stub_cmdline(entry->options);
+                        entry->options_implied = true;
                }
        }
 }
@ -2398,7 +2404,10 @@ static EFI_STATUS image_start(
        if (err != EFI_SUCCESS)
                return log_error_status(err, "Error getting LoadedImageProtocol handle: %m");

-        char16_t *options = options_initrd ?: entry->options;
+        /* If we had to append an initrd= entry to the command line, we have to pass it, and measure
+         * it. Otherwise, only pass/measure it if it is not implicit anyway (i.e. embedded into the UKI or
+         * so). */
+        char16_t *options = options_initrd ?: entry->options_implied ? NULL : entry->options;
        if (options) {
                loaded_image->LoadOptions = options;
                loaded_image->LoadOptionsSize = strsize16(options);