bootloader

package
v0.0.0-...-1f06296 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 4, 2021 License: GPL-3.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrBootloader is returned if the bootloader can not be determined.
	ErrBootloader = errors.New("cannot determine bootloader")

	// ErrNoTryKernelRef is returned if the bootloader finds no enabled
	// try-kernel.
	ErrNoTryKernelRef = errors.New("no try-kernel referenced")
)

Functions

func Force

func Force(booloader Bootloader)

Force can be used to force Find to always find the specified bootloader; use nil to reset to normal lookup.

func ForceError

func ForceError(err error)

ForceError can be used to force Find to return an error; use nil to reset to normal lookup.

func InstallBootConfig

func InstallBootConfig(gadgetDir, rootDir string, opts *Options) error

InstallBootConfig installs the bootloader config from the gadget snap dir into the right place.

Types

type BootFile

type BootFile struct {
	// Path is the path to the file in the filesystem or, if Snap
	// is set, the relative path inside the snap file.
	Path string
	// Snap contains the path to the snap file if a snap file is used.
	Snap string
	// Role is set to the role of the bootloader this boot file
	// originates from.
	Role Role
}

BootFile represents each file in the chains of trusted assets and kernels used in the boot process. For example a boot file can be an EFI binary or a snap file containing an EFI binary.

func NewBootFile

func NewBootFile(snap, path string, role Role) BootFile

func (BootFile) WithPath

func (b BootFile) WithPath(path string) BootFile

WithPath returns a copy of the BootFile with path updated to the specified value.

type Bootloader

type Bootloader interface {
	// Return the value of the specified bootloader variable.
	GetBootVars(names ...string) (map[string]string, error)

	// Set the value of the specified bootloader variable.
	SetBootVars(values map[string]string) error

	// Name returns the bootloader name.
	Name() string

	// Present returns whether the bootloader is currently present on the
	// system - in other words whether this bootloader has been installed to the
	// current system. Implementations should only return non-nil error if they
	// can positively identify that the bootloader is installed, but there is
	// actually an error with the installation.
	Present() (bool, error)

	// InstallBootConfig will try to install the boot config in the
	// given gadgetDir to rootdir.
	InstallBootConfig(gadgetDir string, opts *Options) error

	// ExtractKernelAssets extracts kernel assets from the given kernel snap.
	ExtractKernelAssets(s snap.PlaceInfo, snapf snap.Container) error

	// RemoveKernelAssets removes the assets for the given kernel snap.
	RemoveKernelAssets(s snap.PlaceInfo) error
}

Bootloader provides an interface to interact with the system bootloader.

func Find

func Find(rootdir string, opts *Options) (Bootloader, error)

Find returns the bootloader for the system or an error if no bootloader is found.

The rootdir option is useful for image creation operations. It can also be used to find the recovery bootloader, e.g. on uc20:

bootloader.Find("/run/mnt/ubuntu-seed")

func ForGadget

func ForGadget(gadgetDir, rootDir string, opts *Options) (Bootloader, error)

ForGadget returns a bootloader matching a given gadget by inspecting the contents of gadget directory or an error if no matching bootloader is found.

type ExtractedRecoveryKernelImageBootloader

type ExtractedRecoveryKernelImageBootloader interface {
	Bootloader
	ExtractRecoveryKernelAssets(recoverySystemDir string, s snap.PlaceInfo, snapf snap.Container) error
}

type ExtractedRunKernelImageBootloader

type ExtractedRunKernelImageBootloader interface {
	Bootloader

	// EnableKernel enables the specified kernel on ubuntu-boot to be used
	// during normal boots. The specified kernel should already have been
	// extracted. This is usually implemented with a "kernel.efi" symlink
	// pointing to the extracted kernel image.
	EnableKernel(snap.PlaceInfo) error

	// EnableTryKernel enables the specified kernel on ubuntu-boot to be
	// tried by the bootloader on a reboot, to be used in conjunction with
	// setting "kernel_status" to "try". The specified kernel should already
	// have been extracted. This is usually implemented with a
	// "try-kernel.efi" symlink pointing to the extracted kernel image.
	EnableTryKernel(snap.PlaceInfo) error

	// Kernel returns the current enabled kernel on the bootloader, not
	// necessarily the kernel that was used to boot the current session, but the
	// kernel that is enabled to boot on "normal" boots.
	// If error is not nil, the first argument shall be non-nil.
	Kernel() (snap.PlaceInfo, error)

	// TryKernel returns the current enabled try-kernel on the bootloader, if
	// there is no such enabled try-kernel, then ErrNoTryKernelRef is returned.
	// If error is not nil, the first argument shall be non-nil.
	TryKernel() (snap.PlaceInfo, error)

	// DisableTryKernel disables the current enabled try-kernel on the
	// bootloader, if it exists. It does not need to return an error if the
	// enabled try-kernel does not exist or is in an inconsistent state before
	// disabling it, errors should only be returned when the implementation
	// fails to disable the try-kernel.
	DisableTryKernel() error
}

ExtractedRunKernelImageBootloader is a Bootloader that also supports specific methods needed to setup booting from an extracted kernel, which is needed to implement encryption and/or secure boot. Prototypical implementation is UC20 grub implementation with FDE.

type Options

type Options struct {
	// PrepareImageTime indicates whether the booloader is being
	// used at prepare-image time, that means not on a runtime
	// system.
	PrepareImageTime bool

	// Role specifies to use the bootloader for the given role.
	Role Role

	// NoSlashBoot indicates to use the native layout of the
	// bootloader partition and not the /boot mount.
	// It applies only for RoleRunMode.
	// It is implied and ignored for RoleRecovery.
	// It is an error to set it for RoleSole.
	NoSlashBoot bool
}

Options carries bootloader options.

type RecoveryAwareBootloader

type RecoveryAwareBootloader interface {
	Bootloader
	SetRecoverySystemEnv(recoverySystemDir string, values map[string]string) error
	GetRecoverySystemEnv(recoverySystemDir string, key string) (string, error)
}

type Role

type Role string

Role indicates whether the bootloader is used for recovery or run mode.

const (
	// RoleSole applies to the sole bootloader used by UC16/18.
	RoleSole Role = ""
	// RoleRunMode applies to the run mode booloader.
	RoleRunMode Role = "run-mode"
	// RoleRecovery apllies to the recovery bootloader.
	RoleRecovery Role = "recovery"
)

type TrustedAssetsBootloader

type TrustedAssetsBootloader interface {
	Bootloader

	// ManagedAssets returns a list of boot assets managed by the bootloader
	// in the boot filesystem. Does not require rootdir to be set.
	ManagedAssets() []string
	// UpdateBootConfig attempts to update the boot config assets used by
	// the bootloader. Returns true when assets were updated.
	UpdateBootConfig() (bool, error)
	// CommandLine returns the kernel command line composed of mode and
	// system arguments, built-in bootloader specific static arguments
	// corresponding to the on-disk boot asset edition, followed by any
	// extra arguments. The command line may be different when using a
	// recovery bootloader.
	CommandLine(modeArg, systemArg, extraArgs string) (string, error)
	// CandidateCommandLine is similar to CommandLine, but uses the current
	// edition of managed built-in boot assets as reference.
	CandidateCommandLine(modeArg, systemArg, extraArgs string) (string, error)

	// TrustedAssets returns the list of relative paths to assets inside the
	// bootloader's rootdir that are measured in the boot process in the
	// order of loading during the boot. Does not require rootdir to be set.
	TrustedAssets() ([]string, error)

	// RecoveryBootChain returns the load chain for recovery modes.
	// It should be called on a RoleRecovery bootloader.
	RecoveryBootChain(kernelPath string) ([]BootFile, error)

	// BootChain returns the load chain for run mode.
	// It should be called on a RoleRecovery bootloader passing the
	// RoleRunMode bootloader.
	BootChain(runBl Bootloader, kernelPath string) ([]BootFile, error)
}

TrustedAssetsBootloader has boot assets that take part in the secure boot process and need to be tracked, while other boot assets (typically boot config) are managed by snapd.

Directories

Path Synopsis
Package efi supports reading EFI variables.
Package efi supports reading EFI variables.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL