We are supposed to update on disk from the back of the boot chain to
the beginning. That means an old shim should not be expected to
install a new grub.
We can reduce the list of possible boot chains we give to secboot.
When we switch to secboot master, secboot will fail if
it sees boot chains that cannot work. So we should make sure not
to pass them.
There is still a bug where we update the seed partition before boot
partition. But here we assume the bug is fixed.
This is needed to re-merge #13402.
Hashes for boot assets are in a list that is already predictable: if
there is only one hash, then the asset is not modified; if there are 2
hashes, then the first one is the old asset, and the second is the new
asset.
There is no need to re-sort the hashes. And we lose the semantic if we
do. We want to keep that semantic so we can prune impossible boot chains.
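The hash-order rule and the pruning rule from the two messages above, sketched as an added example that is not snapd's code. `Asset`, `Chain` and `CandidateChains` are hypothetical names and the hash strings are constructed; the only chain dropped is the one the first message rules out, an old shim followed by a new grub.

```go
package main

import "fmt"

// Asset is a hypothetical stand-in for one trusted boot asset. Hashes keeps
// the order described above: [unchanged] or [old, new].
type Asset struct {
	Name   string
	Hashes []string
}

// Chain is one candidate boot chain, as asset hashes in boot order.
type Chain struct {
	Hashes []string
	HasOld bool // contains the old revision of an asset being updated
}

// CandidateChains walks assets in boot order (shim, then grub) and drops
// any chain where a new revision would follow an earlier asset's old one.
func CandidateChains(assets []Asset) ([]Chain, error) {
	chains := []Chain{{}}
	for _, a := range assets {
		n := len(a.Hashes)
		if n < 1 || n > 2 {
			return nil, fmt.Errorf("%s: want 1 or 2 hashes, got %d", a.Name, n)
		}
		var next []Chain
		for _, c := range chains {
			for i, h := range a.Hashes {
				if n == 2 && i == 1 && c.HasOld {
					continue // old earlier stage, new later stage: pruned
				}
				hs := append(append([]string{}, c.Hashes...), h)
				next = append(next, Chain{hs, c.HasOld || (n == 2 && i == 0)})
			}
		}
		chains = next
	}
	return chains, nil
}

func main() {
	// Constructed sample: shim and grub are both being updated.
	shim := Asset{"shim", []string{"shim-old", "shim-new"}}
	grub := Asset{"grub", []string{"grub-old", "grub-new"}}
	fmt.Println(CandidateChains([]Asset{shim, grub}))
}
```

Sorting the hash lists before this step would make index 0 and index 1 meaningless, which is why the message insists on keeping the original order.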
As we are reverting some old behavior because of an ordering bug we
need to reintroduce some cases in a refactored test. If the shim and
grub do not change path, we need to accept the chain new shim ->
old grub. This is because we get confused and mix up old and new grub
somewhere else that has not been fixed yet.
This reverts #13402.
`tests/nested/manual/uc-update-assets-secure-add-sbat` shows some
failures from time to time. It is possible that, in some contexts, the wrong
hashes are pruned when resealing.
We need to resolve the boot chains in another place based on the trusted
assets we encountered to be installed. At this point it could be any chain.
We will need to discover later what the correct chain is.
Also make TrustedAssets return an unsorted data structure to make sure
we do not use the order like the comments claimed.
* boot: prune some bootchains that should not happen
We are supposed to update on disk from the back of the boot chain to
the beginning. That means an old shim should not be expected to
install a new grub.
We can reduce the list of possible boot chains we give to secboot.
When we switch to secboot master, secboot will fail if
it sees boot chains that cannot work. So we should make sure not
to pass them.
There is still a bug where we update the seed partition before boot
partition. But here we assume the bug is fixed.
* fixup! boot: prune some bootchains that should not happen
* fixup! boot: prune some bootchains that should not happen
* fixup! boot: prune some bootchains that should not happen
* fixup! boot: prune some bootchains that should not happen
We know what the default command line is, so that we can
compute measurement, so there is not much reason to use
`snapd_extra_cmdline_args`. Always using `snapd_full_cmdline_args`
will allow us to filter part of the default command line.
There is a potential bug when filtering all arguments: `grub.cfg` will
just revert to all the defaults. We will need to fix it when we
introduce the filtering.
Replace ioutil.WriteFile with os.WriteFile since the former has been
deprecated since go1.16 and simply calls the latter.
Signed-off-by: Miguel Pires <miguel.pires@canonical.com>
This should allow releasing the global state lock while doing resealing/sealing proper, as those are in fact slow operations
* boot: use loadModeenv a bit more consistently and some XXXs
* boot: take a lock around read modeenv/modify(/reseal) etc
* boot: do not seal without the modeenv associated lock
* boot: do not reseal without the modeenv associated lock
* boot,o/devicestate: introduce Unlocker to unlock global state
have boot.DeviceChange make use of it for a start
* boot: explain a bit more modeenvMu
* overlord: introduce state.Unlocker convenience method
* boot: check that the lock is taken also in bootStateUpdate20.commit