Documentation ¶
Index ¶
- Variables
- func Force(booloader Bootloader)
- func ForceError(err error)
- func InstallBootConfig(gadgetDir, rootDir string, opts *Options) error
- type BootFile
- type Bootloader
- type ExtractedRecoveryKernelImageBootloader
- type ExtractedRunKernelImageBootloader
- type Options
- type RecoveryAwareBootloader
- type Role
- type TrustedAssetsBootloader
Constants ¶
This section is empty.
Variables ¶
var ( // ErrBootloader is returned if the bootloader can not be determined. ErrBootloader = errors.New("cannot determine bootloader") // ErrNoTryKernelRef is returned if the bootloader finds no enabled // try-kernel. ErrNoTryKernelRef = errors.New("no try-kernel referenced") )
Functions ¶
func Force ¶
func Force(booloader Bootloader)
Force can be used to force Find to always find the specified bootloader; use nil to reset to normal lookup.
func ForceError ¶
func ForceError(err error)
ForceError can be used to force Find to return an error; use nil to reset to normal lookup.
func InstallBootConfig ¶
InstallBootConfig installs the bootloader config from the gadget snap dir into the right place.
Types ¶
type BootFile ¶
type BootFile struct { // Path is the path to the file in the filesystem or, if Snap // is set, the relative path inside the snap file. Path string // Snap contains the path to the snap file if a snap file is used. Snap string // Role is set to the role of the bootloader this boot file // originates from. Role Role }
BootFile represents each file in the chains of trusted assets and kernels used in the boot process. For example a boot file can be an EFI binary or a snap file containing an EFI binary.
func NewBootFile ¶
type Bootloader ¶
type Bootloader interface { // Return the value of the specified bootloader variable. GetBootVars(names ...string) (map[string]string, error) // Set the value of the specified bootloader variable. SetBootVars(values map[string]string) error // Name returns the bootloader name. Name() string // Present returns whether the bootloader is currently present on the // system - in other words whether this bootloader has been installed to the // current system. Implementations should only return non-nil error if they // can positively identify that the bootloader is installed, but there is // actually an error with the installation. Present() (bool, error) // InstallBootConfig will try to install the boot config in the // given gadgetDir to rootdir. InstallBootConfig(gadgetDir string, opts *Options) error // ExtractKernelAssets extracts kernel assets from the given kernel snap. ExtractKernelAssets(s snap.PlaceInfo, snapf snap.Container) error // RemoveKernelAssets removes the assets for the given kernel snap. RemoveKernelAssets(s snap.PlaceInfo) error }
Bootloader provides an interface to interact with the system bootloader.
func Find ¶
func Find(rootdir string, opts *Options) (Bootloader, error)
Find returns the bootloader for the system or an error if no bootloader is found.
The rootdir option is useful for image creation operations. It can also be used to find the recovery bootloader, e.g. on uc20:
bootloader.Find("/run/mnt/ubuntu-seed")
type ExtractedRunKernelImageBootloader ¶
type ExtractedRunKernelImageBootloader interface { Bootloader // EnableKernel enables the specified kernel on ubuntu-boot to be used // during normal boots. The specified kernel should already have been // extracted. This is usually implemented with a "kernel.efi" symlink // pointing to the extracted kernel image. EnableKernel(snap.PlaceInfo) error // EnableTryKernel enables the specified kernel on ubuntu-boot to be // tried by the bootloader on a reboot, to be used in conjunction with // setting "kernel_status" to "try". The specified kernel should already // have been extracted. This is usually implemented with a // "try-kernel.efi" symlink pointing to the extracted kernel image. EnableTryKernel(snap.PlaceInfo) error // Kernel returns the current enabled kernel on the bootloader, not // necessarily the kernel that was used to boot the current session, but the // kernel that is enabled to boot on "normal" boots. // If error is not nil, the first argument shall be non-nil. Kernel() (snap.PlaceInfo, error) // TryKernel returns the current enabled try-kernel on the bootloader, if // there is no such enabled try-kernel, then ErrNoTryKernelRef is returned. // If error is not nil, the first argument shall be non-nil. TryKernel() (snap.PlaceInfo, error) // DisableTryKernel disables the current enabled try-kernel on the // bootloader, if it exists. It does not need to return an error if the // enabled try-kernel does not exist or is in an inconsistent state before // disabling it, errors should only be returned when the implementation // fails to disable the try-kernel. DisableTryKernel() error }
ExtractedRunKernelImageBootloader is a Bootloader that also supports specific methods needed to setup booting from an extracted kernel, which is needed to implement encryption and/or secure boot. Prototypical implementation is UC20 grub implementation with FDE.
type Options ¶
type Options struct { // PrepareImageTime indicates whether the booloader is being // used at prepare-image time, that means not on a runtime // system. PrepareImageTime bool // Role specifies to use the bootloader for the given role. Role Role // NoSlashBoot indicates to use the native layout of the // bootloader partition and not the /boot mount. // It applies only for RoleRunMode. // It is implied and ignored for RoleRecovery. // It is an error to set it for RoleSole. NoSlashBoot bool }
Options carries bootloader options.
type RecoveryAwareBootloader ¶
type Role ¶
type Role string
Role indicates whether the bootloader is used for recovery or run mode.
type TrustedAssetsBootloader ¶
type TrustedAssetsBootloader interface { Bootloader // ManagedAssets returns a list of boot assets managed by the bootloader // in the boot filesystem. Does not require rootdir to be set. ManagedAssets() []string // UpdateBootConfig attempts to update the boot config assets used by // the bootloader. Returns true when assets were updated. UpdateBootConfig() (bool, error) // CommandLine returns the kernel command line composed of mode and // system arguments, built-in bootloader specific static arguments // corresponding to the on-disk boot asset edition, followed by any // extra arguments. The command line may be different when using a // recovery bootloader. CommandLine(modeArg, systemArg, extraArgs string) (string, error) // CandidateCommandLine is similar to CommandLine, but uses the current // edition of managed built-in boot assets as reference. CandidateCommandLine(modeArg, systemArg, extraArgs string) (string, error) // TrustedAssets returns the list of relative paths to assets inside the // bootloader's rootdir that are measured in the boot process in the // order of loading during the boot. Does not require rootdir to be set. TrustedAssets() ([]string, error) // RecoveryBootChain returns the load chain for recovery modes. // It should be called on a RoleRecovery bootloader. RecoveryBootChain(kernelPath string) ([]BootFile, error) // BootChain returns the load chain for run mode. // It should be called on a RoleRecovery bootloader passing the // RoleRunMode bootloader. BootChain(runBl Bootloader, kernelPath string) ([]BootFile, error) }
TrustedAssetsBootloader has boot assets that take part in the secure boot process and need to be tracked, while other boot assets (typically boot config) are managed by snapd.
Directories ¶
Path | Synopsis |
---|---|
Package efi supports reading EFI variables.
|
Package efi supports reading EFI variables. |