1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
systemd/mkosi.presets/20-final
Luca Boccassi 05c9f9c251 stub: allow loading and verifying cmdline addons
Files placed in /EFI/Linux/UKI.efi.extra.d/ and /loader/addons/ are
opened and verified using the LoadImage protocol, and will thus get
verified via shim/firmware.
If they are valid signed PE files, the .cmdline section will be
extracted and appended. If there are multiple addons in each directory,
they will be parsed in alphanumerical order.

Optionally the .uname sections are also matched if present, so
that they can be used to filter out addons as well if needed, and only
addons that correspond exactly to the UKI being loaded are used.
It is recommended to also always add a .sbat section to addons, so
that they can be mass-revoked with just a policy update.

The files must have a .addon.efi suffix.

Files in the per-UKI directory are parsed, sorted, measured and
appended first. Then, files in the generic directory are processed.
2023-05-24 15:02:36 +01:00
..
mkosi.conf.d mkosi: Package a erofs usr partition with signed verity 2023-05-13 10:49:17 +02:00
mkosi.extra stub: allow loading and verifying cmdline addons 2023-05-24 15:02:36 +01:00
mkosi.repart mkosi: Drop squashfs dropin 2023-05-15 15:41:53 +02:00
mkosi.conf mkosi: Install tmux in the final image 2023-05-15 11:45:58 +01:00
mkosi.finalize mkosi: Store /etc under /usr/share/factory/mkosi 2023-05-13 09:17:15 +02:00
mkosi.kernel.build mkosi: Look for mkosi.kernel/ in the top level directory 2023-05-04 15:45:42 +02:00
mkosi.postinst mkosi: Switch to use mkosi presets with prebuilt initrds 2023-05-01 15:39:50 +02:00