diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml
index 5650c53f02..337759a0c3 100644
--- a/man/systemd-stub.xml
+++ b/man/systemd-stub.xml
@@ -135,7 +135,12 @@ For a kernel binary called foo.efi, it will look for files with the .cred suffix in a directory named
- foo.efi.extra.d/ next to it. A cpio
+ foo.efi.extra.d/ next to it. If the kernel binary
+ uses a counter for the purpose of
+ Automatic Boot Assessment, this
+ counter will be ignored. For example, foo+3-0.efi
+ will look in directory foo.efi.extra.d/.
+ A cpio
 archive is generated from all files found that way, placing them in the /.extra/credentials/ directory of the initrd file hierarchy. The main initrd may then access them in this directory. This is supposed to be used to store auxiliary, encrypted,
diff --git a/src/boot/efi/util.c b/src/boot/efi/util.c
index 32796f9ff2..25f5e0f032 100644
--- a/src/boot/efi/util.c
+++ b/src/boot/efi/util.c
@@ -646,6 +646,34 @@ void *find_configuration_table(const EFI_GUID *guid) {
 return NULL;
 }

+static void remove_boot_count(char16_t *path) {
+ char16_t *prefix_end;
+ const char16_t *tail;
+ uint64_t ignored;
+
+ assert(path);
+
+ prefix_end = strchr16(path, '+');
+ if (!prefix_end)
+ return;
+
+ tail = prefix_end + 1;
+
+ if (!parse_number16(tail, &ignored, &tail))
+ return;
+
+ if (*tail == '-') {
+ ++tail;
+ if (!parse_number16(tail, &ignored, &tail))
+ return;
+ }
+
+ if (!IN_SET(*tail, '\0', '.'))
+ return;
+
+ strcpy16(prefix_end, tail);
+}
+
 char16_t *get_extra_dir(const EFI_DEVICE_PATH *file_path) {
 if (!file_path)
 return NULL;
@@ -666,5 +694,6 @@ char16_t *get_extra_dir(const EFI_DEVICE_PATH *file_path) {
 return NULL;

 convert_efi_path(file_path_str);
+ remove_boot_count(file_path_str);
 return xasprintf("%ls.extra.d", file_path_str);
 }
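Review bot: In the `@@ -646,6 +646,34 @@` hunk of src/boot/efi/util.c, `strchr16(path, '+')` stops at the first `+` anywhere in the string, so the counter match in remove_boot_count() is not tied to the file name. If file_path_str still carries directory components (what convert_efi_path() leaves is not visible here), a constructed path such as `\EFI\a+1.d\linux.efi` would have its directory rewritten to `a.d`, while a name with an earlier `+` such as `foo+bar+3-0.efi` keeps its counter and the `.extra.d` name then changes whenever the counter is updated. The files found in that directory are packed into the initrd, so the lookup should resolve to one predictable directory next to the binary: start at the last path separator and match the counter on the last `+` of that component. The closing `strcpy16(prefix_end, tail)` copies between overlapping ranges of one buffer, which is only safe if strcpy16 copies front to back; its definition is outside the diff, so a comment such as `/* overlapping copy with dst < src: relies on strcpy16 copying front to back */` would record that dependency.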