Class: Bootloader::SystemdBoot

Inherits:
BootloaderBase show all
Includes:
Yast::I18n, Yast::Logger
Defined in:
src/lib/bootloader/systemdboot.rb

Overview

Represents systemd bootloader with efi target

Constant Summary collapse

CMDLINE = 
"/etc/kernel/cmdline"

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from BootloaderBase

#prepare, #proposed?, #read?

Constructor Details

#initializeSystemdBoot 



45
46
47
48
49
50
51
52
53
54
55
56
 
# File 'src/lib/bootloader/systemdboot.rb', line 45

def initialize
  super

  textdomain "bootloader"
  # For kernel parameters we are using the same data structure
  # like grub2 in order to be compatible with all calls.
  @kernel_container = ::CFA::Grub2::Default.new
  @explicit_cpu_mitigations = false
  @pmbr_action = :nothing
  @sections = ::Bootloader::BlsSections.new
  @update_nvram = true
end

Instance Attribute Details

#pmbr_action:remove, ... 



43
44
45
 
# File 'src/lib/bootloader/systemdboot.rb', line 43

def pmbr_action
  @pmbr_action
end

#sectionsObject (readonly)

Returns the value of attribute sections.



39
40
41
 
# File 'src/lib/bootloader/systemdboot.rb', line 39

def sections
  @sections
end

#secure_bootBoolean 



33
34
35
 
# File 'src/lib/bootloader/systemdboot.rb', line 33

def secure_boot
  @secure_boot
end

#timeoutInteger Also known as: menu_timeout 



27
28
29
 
# File 'src/lib/bootloader/systemdboot.rb', line 27

def timeout
  @timeout
end

#update_nvramBoolean 



37
38
39
 
# File 'src/lib/bootloader/systemdboot.rb', line 37

def update_nvram
  @update_nvram
end

Instance Method Details

#cpu_mitigationsObject

rubocop:enable Metrics/AbcSize



108
109
110
 
# File 'src/lib/bootloader/systemdboot.rb', line 108

def cpu_mitigations
  CpuMitigations.from_kernel_params(kernel_params)
end

#cpu_mitigations=(value) ⇒ Object 



116
117
118
119
120
 
# File 'src/lib/bootloader/systemdboot.rb', line 116

def cpu_mitigations=(value)
  log.info "set mitigations to #{value.to_human_string}"
  @explicit_cpu_mitigations = true
  value.modify_kernel_params(kernel_params)
end

#deleteObject 



230
231
232
 
# File 'src/lib/bootloader/systemdboot.rb', line 230

def delete
  log.warn("is currently not supported")
end

#explicit_cpu_mitigationsObject 



112
113
114
 
# File 'src/lib/bootloader/systemdboot.rb', line 112

def explicit_cpu_mitigations
  @explicit_cpu_mitigations ? cpu_mitigations : nil
end

#kernel_paramsObject 



58
59
60
 
# File 'src/lib/bootloader/systemdboot.rb', line 58

def kernel_params
  @kernel_container.kernel_params
end

#merge(other) ⇒ Object

rubocop:disable Metrics/AbcSize



63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
# File 'src/lib/bootloader/systemdboot.rb', line 63

def merge(other)
  log.info "merging: timeout: #{timeout}=>#{other.timeout}"
  log.info "         secure_boot: #{secure_boot}=>#{other.secure_boot}"
  log.info "         update_nvram: #{update_nvram}=>#{other.update_nvram}"
  log.info "         mitigations: #{cpu_mitigations.to_human_string}=>" \
           "#{other.cpu_mitigations.to_human_string}"
  log.info "         pmbr_action: #{pmbr_action}=>#{other.pmbr_action}"
  log.info "         kernel_params: #{kernel_params.serialize}=>" \
           "#{other.kernel_params.serialize}"
  log.info "         default menu: #{@sections.default}=>" \
           "#{other.sections.default}"
  super
  self.timeout = other.timeout unless other.timeout.nil?
  self.secure_boot = other.secure_boot unless other.secure_boot.nil?
  self.pmbr_action = other.pmbr_action if other.pmbr_action
  self.update_nvram = other.update_nvram unless other.update_nvram.nil?

  kernel_serialize = kernel_params.serialize
  # handle specially noresume as it should lead to remove all other resume
  kernel_serialize.gsub!(/resume=\S+/, "") if other.kernel_params.parameter("noresume")

  # prevent double cpu_mitigations params
  kernel_serialize.gsub!(/mitigations=\S+/, "") if other.kernel_params.parameter("mitigations")

  new_kernel_params = "#{kernel_serialize} #{other.kernel_params.serialize}"
  # deduplicate identicatel parameter. Keep always the last one ( so reverse is needed ).
  new_params = new_kernel_params.split.reverse.uniq.reverse.join(" ")

  @kernel_container.kernel_params.replace(new_params)

  # explicitly set mitigations means overwrite of our
  self.cpu_mitigations = other.cpu_mitigations if other.explicit_cpu_mitigations

  @sections.default = other.sections.default if other.sections.default

  log.info "merging result: timeout: #{timeout}"
  log.info "                secure_boot: #{secure_boot}"
  log.info "                update_nvram: #{update_nvram}"
  log.info "                mitigations: #{cpu_mitigations.to_human_string}"
  log.info "                kernel_params: #{kernel_params.serialize}"
  log.info "                pmbr_action: #{pmbr_action}"
  log.info "                default menu: #{@sections.default}"
end

#nameObject 



213
214
215
 
# File 'src/lib/bootloader/systemdboot.rb', line 213

def name
  "systemd-boot"
end

#packagesObject 



217
218
219
220
221
222
223
224
225
226
227
228
 
# File 'src/lib/bootloader/systemdboot.rb', line 217

def packages
  res = super
  res << "sdbootutil" << "systemd-boot"

  if ["x86_64", "aarch64"].include?(Yast::Arch.architecture)
    res << "shim"
  else
    log.warn "Unknown architecture #{Yast::Arch.architecture} for systemd-boot"
  end

  res
end

#proposeObject 



158
159
160
161
162
163
164
165
166
167
168
169
170
 
# File 'src/lib/bootloader/systemdboot.rb', line 158

def propose
  super
  log.info("Propose settings...")
  if @kernel_container.kernel_params.empty?
    kernel_line = Yast::BootArch.DefaultKernelParams(Yast::BootStorage.propose_resume)
    @kernel_container.kernel_params.replace(kernel_line)
  end
  self.timeout = Yast::ProductFeatures.GetIntegerFeature("globals", "boot_timeout").to_i
  self.secure_boot = Systeminfo.secure_boot_supported?
  # for UEFI always remove PMBR flag on disk (bnc#872054)
  self.pmbr_action = :remove
  self.update_nvram = true
end

#readObject 



122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
 
# File 'src/lib/bootloader/systemdboot.rb', line 122

def read
  super

  @sections.read
  self.timeout = Bls.menu_timeout
  self.secure_boot = Systeminfo.secure_boot_active?
  self.update_nvram = Systeminfo.update_nvram_active?

  lines = ""
  filename = File.join(Yast::Installation.destdir, CMDLINE)
  if File.exist?(filename)
    File.open(filename).each do |line|
      lines = + line
    end
  end
  @kernel_container.kernel_params.replace(lines)
end

#secure_boot_summaryString

Secure boot setting shown in summary screen. sdbootutil intialize secure boot if shim has been installed.



176
177
178
179
180
181
182
183
184
 
# File 'src/lib/bootloader/systemdboot.rb', line 176

def secure_boot_summary
  link = if secure_boot
    "<a href=\"disable_secure_boot\">(#{_("disable")})</a>"
  else
    "<a href=\"enable_secure_boot\">(#{_("enable")})</a>"
  end

  "#{_("Secure Boot:")} #{status_string(secure_boot)} #{link}"
end

#summaryObject

Display bootloader summary



201
202
203
204
205
206
207
208
209
210
211
 
# File 'src/lib/bootloader/systemdboot.rb', line 201

def summary(*)
  result = [
    Yast::Builtins.sformat(
      _("Boot Loader Type: %1"),
      "Systemd Boot"
    )
  ]
  result << secure_boot_summary if Systeminfo.secure_boot_available?(name)
  result << update_nvram_summary if Systeminfo.nvram_available?(name)
  result
end

#update_nvram_summaryString

Update nvram shown in summary screen



189
190
191
192
193
194
195
196
197
 
# File 'src/lib/bootloader/systemdboot.rb', line 189

def update_nvram_summary
  link = if update_nvram
    "<a href=\"disable_update_nvram\">(#{_("disable")})</a>"
  else
    "<a href=\"enable_update_nvram\">(#{_("enable")})</a>"
  end

  "#{_("Update NVRAM:")} #{status_string(update_nvram)} #{link}"
end

#write(etc_only: false) ⇒ Object

Write bootloader settings to disk



141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
 
# File 'src/lib/bootloader/systemdboot.rb', line 141

def write(etc_only: false)
  super
  log.info("Writing settings...")
  write_kernel_parameter
  if Yast::Stage.initial # while new installation only (currently)
    Bls.install_bootloader
    Bls.set_authentication
  end

  Bls.create_menu_entries
  Bls.write_menu_timeout(timeout)
  @sections.write
  Pmbr.write_efi(pmbr_action)

  true
end

#write_sysconfig(prewrite: false) ⇒ Object

overwrite BootloaderBase version to save secure boot



235
236
237
238
239
240
 
# File 'src/lib/bootloader/systemdboot.rb', line 235

def write_sysconfig(prewrite: false)
  sysconfig = Bootloader::Sysconfig.new(bootloader: name,
    secure_boot: secure_boot, trusted_boot: false,
    update_nvram: update_nvram)
  prewrite ? sysconfig.pre_write : sysconfig.write
end