boot

package
v0.0.0-...-a320045 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 26, 2024 License: GPL-3.0 Imports: 42 Imported by: 133

Documentation

Index

Constants

View Source 
const (
	// DefaultStatus is the value of a status boot variable when nothing is
	// being tried
	DefaultStatus = ""
	// TryStatus is the value of a status boot variable when something is about
	// to be tried
	TryStatus = "try"
	// TryingStatus is the value of a status boot variable after we have
	// attempted a boot with a try snap - this status is only set in the early
	// boot sequence (bootloader, initramfs, etc.)
	TryingStatus = "trying"
)
View Source 
const (
	// ModeRun indicates the regular operating system mode of the device.
	ModeRun = "run"
	// ModeInstall is a mode in which a new system is installed on the
	// device.
	ModeInstall = "install"
	// ModeRecover is a mode in which the device boots into the recovery
	// system.
	ModeRecover = "recover"
	// ModeFactoryReset is a mode in which the device performs a factory
	// reset.
	ModeFactoryReset = "factory-reset"
	// ModeRunCVM is Azure CVM specific run mode fde + classic debs
	ModeRunCVM = "cloudimg-rootfs"
)

Variables

View Source 
var (
	// InitramfsRunMntDir is the directory where ubuntu partitions are mounted
	// during the initramfs.
	InitramfsRunMntDir string

	// InitramfsDataDir is the location of system-data role partition
	// (typically a partition labeled "ubuntu-data") during the initramfs.
	InitramfsDataDir string

	// InitramfsHostUbuntuDataDir is the location of the host ubuntu-data
	// during the initramfs, typically used in recover mode.
	InitramfsHostUbuntuDataDir string

	// InitramfsUbuntuBootDir is the location of ubuntu-boot during the
	// initramfs.
	InitramfsUbuntuBootDir string

	// InitramfsUbuntuSeedDir is the location of ubuntu-seed during the
	// initramfs.
	InitramfsUbuntuSeedDir string

	// InitramfsUbuntuSaveDir is the location of ubuntu-save during the
	// initramfs.
	InitramfsUbuntuSaveDir string

	// InstallHostFDESaveDir is the directory of the FDE data on the
	// ubuntu-save partition during install mode. For other modes,
	// use dirs.SnapSaveFDEDirUnder().
	InstallHostFDESaveDir string

	// InstallHostSaveDir is the directory of device data on ubuntu-save during
	// install mode. For other modes use dirs.SnapDeviceSaveDir
	InstallHostDeviceSaveDir string

	// InitramfsSeedEncryptionKeyDir is the location of the encrypted partition
	// keys during the initramfs on ubuntu-seed.
	InitramfsSeedEncryptionKeyDir string

	// InitramfsBootEncryptionKeyDir is the location of the encrypted partition
	// keys during the initramfs on ubuntu-boot.
	InitramfsBootEncryptionKeyDir string

	// InstallUbuntuDataDir is the location of the data partition during
	// install mode. This should always be on a physical partition.
	InstallUbuntuDataDir string
)
View Source 
var (
	// HasFDESetupHook purpose is to detect if the target kernel has a
	// fde-setup-hook. If kernelInfo is nil the current kernel is checked
	// assuming it is representative` of the target one.
	HasFDESetupHook = func(kernelInfo *snap.Info) (bool, error) {
		return false, nil
	}
	RunFDESetupHook fde.RunSetupHookFunc = func(req *fde.SetupRequest) ([]byte, error) {
		return nil, fmt.Errorf("internal error: RunFDESetupHook not set yet")
	}
)

Hook functions setup by devicestate to support device-specific full disk encryption implementations. The state must be locked when these functions are called.

View Source 
var (
	// ErrBootNameAndRevisionNotReady is returned when the boot revision is not
	// established yet.
	ErrBootNameAndRevisionNotReady = errors.New("boot revision not yet established")
)
View Source 
var ErrObserverNotApplicable = errors.New("observer not applicable")

ErrObserverNotApplicable indicates that observer is not applicable for use with the model.

View Source 
var ErrUnsupportedSystemMode = errors.New("system mode is unsupported")

Functions

func BootFlags 

func BootFlags(dev snap.Device) ([]string, error)

BootFlags returns the current set of boot flags active for this boot. It uses the initramfs-capture values in /run. The flags from the initramfs are checked against the currently understood set of flags, so that if there are unrecognized flags, they are removed from the returned list and the returned error will have IsUnknownFlagErroror() return true. This is to allow gracefully ignoring unknown boot flags while still processing supported flags. Only to be used on UC20+ systems with recovery systems.

func ClearTryRecoverySystem 

func ClearTryRecoverySystem(dev snap.Device, systemLabel string) error

ClearTryRecoverySystem removes a given candidate recovery system and clears the try model in the modeenv state file, then reseals and clears related bootloader variables. An empty system label can be passed when the boot variables state is inconsistent.

func ComposeCandidateCommandLine 

func ComposeCandidateCommandLine(model *asserts.Model, gadgetDirOrSnapPath string) (string, error)

ComposeCandidateCommandLine composes the kernel command line used when booting the system in run mode with the current built-in edition of managed boot assets.

func ComposeCandidateRecoveryCommandLine 

func ComposeCandidateRecoveryCommandLine(model *asserts.Model, system, gadgetDirOrSnapPath string) (string, error)

ComposeCandidateRecoveryCommandLine composes the kernel command line used when booting the given system in recover mode with the current built-in edition of managed boot assets.

func ComposeCommandLine 

func ComposeCommandLine(model *asserts.Model, gadgetDirOrSnapPath string) (string, error)

ComposeCommandLine composes the kernel command line used when booting the system in run mode.

func ComposeRecoveryCommandLine 

func ComposeRecoveryCommandLine(model *asserts.Model, system, gadgetDirOrSnapPath string) (string, error)

ComposeRecoveryCommandLine composes the kernel command line used when booting a given system in recover mode.

func CopyBootAssetsCacheToRoot 

func CopyBootAssetsCacheToRoot(dstRoot string) error

CopyBootAssetsCacheToRoot copies the boot assets cache to a corresponding location under a new root directory.

func DebugDumpBootVars 

func DebugDumpBootVars(w io.Writer, dir string, uc20 bool) error

DebugDumpBootVars writes a dump of the snapd bootvars to the given writer

func DebugSetBootVars 

func DebugSetBootVars(dir string, recoveryBootloader bool, varEqVal []string) error

DebugSetBootVars is a debug helper that takes a list of <var>=<value> entries and sets them for the configured bootloader.

func DeviceChange 

func DeviceChange(from snap.Device, to snap.Device, unlocker Unlocker) error

DeviceChange handles a change of the underlying device. Specifically it can be used during remodel when a new device is associated with a new model. The encryption keys will be resealed for both models. The device model file which is measured during boot will be updated. The recovery systems that belong to the old model will no longer be usable.

func DropRecoverySystem 

func DropRecoverySystem(dev snap.Device, systemLabel string) error

DropRecoverySystem drops a provided system from the list of good and current recovery systems, updates the modeenv and reseals the keys a needed. Note, this call *DOES NOT* clear the boot environment variables.

func EnsureNextBootToRunMode 

func EnsureNextBootToRunMode(systemLabel string) error

EnsureNextBootToRunMode will mark the bootenv of the recovery bootloader such that recover mode is now ready to switch back to run mode upon any reboot.

func EnsureNextBootToRunModeWithTryRecoverySystemOutcome 

func EnsureNextBootToRunModeWithTryRecoverySystemOutcome(outcome TryRecoverySystemOutcome) error

EnsureNextBootToRunModeWithTryRecoverySystemOutcome, typically called while in initramfs, updates the boot environment to indicate an outcome of trying out a recovery system and sets the system up to boot into run mode. It is up to the caller to ensure the status is updated for the right recovery system, typically by calling InitramfsIsTryingRecoverySystem beforehand.

func FindPartitionUUIDForBootedKernelDisk 

func FindPartitionUUIDForBootedKernelDisk() (string, error)

FindPartitionUUIDForBootedKernelDisk returns the partition uuid for the partition that the booted kernel is located on.

func GetCurrentBoot 

func GetCurrentBoot(t snap.Type, dev snap.Device) (snap.PlaceInfo, error)

GetCurrentBoot returns the currently set name and revision for boot for the given type of snap, which can be snap.TypeBase (or snap.TypeOS), or snap.TypeKernel. Returns ErrBootNameAndRevisionNotReady if the values are temporarily not established.

func HostUbuntuDataForMode 

func HostUbuntuDataForMode(mode string, mod gadget.Model) ([]string, error)

HostUbuntuDataForMode returns a list of locations where the run mode root filesystem is mounted for the given mode. For run mode, it's "/run/mnt/data" and "/". For install mode it's "/run/mnt/ubuntu-data". For factory-reset mode it's "/run/mnt/ubuntu-data" For recover mode it's either "/host/ubuntu-data" or nil if that is not mounted. Note that, for recover mode, this function only returns a non-empty return value if the partition is mounted and trusted, there are certain corner-cases where snap-bootstrap in the initramfs may have mounted ubuntu-data in an untrusted manner, but for the purposes of this function that is ignored. This is primarily meant to be consumed by "snap{,ctl} system-mode".

TODO: pass a "snap.Device" here and add "SystemMode() string" to that

func InitramfsActiveBootFlags 

func InitramfsActiveBootFlags(mode string, rootfsDir string) ([]string, error)

InitramfsActiveBootFlags returns the set of boot flags that are currently set for the current boot, by querying them directly from the source. This method is only meant to be used from the initramfs, since it may query the bootenv or query the modeenv depending on the current mode of the system. For detecting the current set of boot flags outside of the initramfs, use BootFlags(), which will query for the runtime version of the flags in /run that the initramfs will have setup for userspace. Note that no filtering is done on the flags in order to allow new flags to be used by a userspace that is newer than the initramfs, but empty flags will be dropped automatically. Only to be used on UC20+ systems with recovery systems.

func InitramfsExposeBootFlagsForSystem 

func InitramfsExposeBootFlagsForSystem(flags []string) error

InitramfsExposeBootFlagsForSystem sets the boot flags for the current boot in the /run file that will be consulted in userspace by BootFlags() below. It is meant to be used only from the initramfs. Note that no filtering is done on the flags in order to allow new flags to be used by a userspace that is newer than the initramfs, but empty flags will be dropped automatically. Only to be used on UC20+ systems with recovery systems.

func InitramfsHostWritableDir 

func InitramfsHostWritableDir(mod gadget.Model) string

InitramfsHostWritableDir is the location of the host writable partition during the initramfs, typically used in recover mode.

func InitramfsIsTryingRecoverySystem 

func InitramfsIsTryingRecoverySystem(currentSystemLabel string) (bool, error)

InitramfsIsTryingRecoverySystem, typically called while in initramfs of recovery mode system, checks whether the boot variables indicate that the given recovery system is only being tried. When the state of boot variables is inconsistent, eg. status indicates that a recovery system is to be tried, but the label is unset, a specific error which can be tested with IsInconsystemRecoverySystemState() is returned.

func InitramfsReboot 

func InitramfsReboot() error

InitramfsReboot requests the system to reboot. Can be called while in initramfs.

func InitramfsRunModeSelectSnapsToMount 

func InitramfsRunModeSelectSnapsToMount(
	typs []snap.Type,
	modeenv *Modeenv,
	rootfsDir string,
) (map[snap.Type]snap.PlaceInfo, error)

InitramfsRunModeSelectSnapsToMount returns a map of the snap paths to mount for the specified snap types.

func InitramfsRunModeUpdateBootloaderVars 

func InitramfsRunModeUpdateBootloaderVars() error

InitramfsRunModeUpdateBootloaderVars updates bootloader variables from the initramfs. This is necessary only for piboot at the moment.

func InitramfsWritableDir 

func InitramfsWritableDir(mod gadget.Model, isRunMode bool) string

InitramfsWritableDir is the location of the writable partition during the initramfs. Note that this may refer to a temporary filesystem or a physical partition depending on what system mode the system is in.

This needs the "isRunMode" in the future for when we implement a recovery system on "classic+modes". In this scenario in "run" mode we have the debian based rootfs in /run/mnt/ubuntu-data *but* in "recover" mode the rootfs comes from a base snap like "core22" so we need to generate "ubuntu-core" like paths.

func InstallHostFDEDataDir 

func InstallHostFDEDataDir(mod gadget.Model) string

InstallHostFDEDataDir is the location of the FDE data during install mode.

func InstallHostWritableDir 

func InstallHostWritableDir(mod gadget.Model) string

InstallHostWritableDir is the location of the writable partition of the installed host during install mode. This should always be on a physical partition.

func IsInconsistentRecoverySystemState 

func IsInconsistentRecoverySystemState(err error) bool

func IsUnknownBootFlagError 

func IsUnknownBootFlagError(e error) bool

func MakeBootableImage 

func MakeBootableImage(model *asserts.Model, rootdir string, bootWith *BootableSet, bootFlags []string) error

MakeBootableImage sets up the given bootable set and target filesystem such that the image can be booted.

rootdir points to an image filesystem (UC 16/18) or an image recovery filesystem (UC20 at prepare-image time). On UC20, bootWith.Recovery must be true, as this function makes the recovery system bootable. It does not make a run system bootable, for that functionality see MakeRunnableSystem, which is meant to be used at runtime from UC20 install mode. For a UC20 image a set of boot flags that will be set in the recovery boot environment can be specified.

func MakeBootablePartition 

func MakeBootablePartition(partDir string, opts *bootloader.Options, bootWith *BootableSet, bootMode string, bootFlags []string) error

MakeBootablePartition configures a partition mounted on rootdir using information from bootWith and bootFlags. Contrarily to MakeBootableImage this happens in a live system.

func MakeRecoverySystemBootable 

func MakeRecoverySystemBootable(model *asserts.Model, rootdir string, relativeRecoverySystemDir string, bootWith *RecoverySystemBootableSet) error

MakeRecoverySystemBootable prepares a recovery system under a path relative to recovery bootloader's rootdir for booting.

func MakeRunnableStandaloneSystem 

func MakeRunnableStandaloneSystem(model *asserts.Model, bootWith *BootableSet, sealer *TrustedAssetsInstallObserver, unlocker Unlocker) error

MakeRunnableStandaloneSystem operates like MakeRunnableSystem but does not assume that the run system being set up is related to the current system. This is appropriate e.g when installing from a classic installer.

func MakeRunnableStandaloneSystemFromInitrd 

func MakeRunnableStandaloneSystemFromInitrd(model *asserts.Model, bootWith *BootableSet, sealer *TrustedAssetsInstallObserver) error

MakeRunnableStandaloneSystemFromInitrd is the same as MakeRunnableStandaloneSystem but uses seed dir path expected in initrd.

func MakeRunnableSystem 

func MakeRunnableSystem(model *asserts.Model, bootWith *BootableSet, sealer *TrustedAssetsInstallObserver) error

MakeRunnableSystem is like MakeBootableImage in that it sets up a system to be able to boot, but is unique in that it is intended to be called from UC20 install mode and makes the run system bootable (hence it is called "runnable"). Note that this function does not update the recovery bootloader env to actually transition to run mode here, that is left to the caller via something like boot.EnsureNextBootToRunMode(). This is to enable separately setting up a run system and actually transitioning to it, with hooks, etc. running in between.

func MakeRunnableSystemAfterDataReset 

func MakeRunnableSystemAfterDataReset(model *asserts.Model, bootWith *BootableSet, sealer *TrustedAssetsInstallObserver) error

MakeRunnableSystemAfterDataReset sets up the system to be able to boot, but it is intended to be called from UC20 factory reset mode right before switching back to the new run system.

func MarkBootSuccessful 

func MarkBootSuccessful(dev snap.Device) error

MarkBootSuccessful marks the current boot as successful. This means that snappy will consider this combination of kernel/os a valid target for rollback.

The states that a boot goes through for UC16/18 are the following:

  • By default snap_mode is "" in which case the bootloader loads two squashfs'es denoted by variables snap_core and snap_kernel.
  • On a refresh of core/kernel snapd will set snap_mode=try and will also set snap_try_{core,kernel} to the core/kernel that will be tried next.
  • On reboot the bootloader will inspect the snap_mode and if the mode is set to "try" it will set "snap_mode=trying" and then try to boot the snap_try_{core,kernel}".
  • On a successful boot snapd resets snap_mode to "" and copies snap_try_{core,kernel} to snap_{core,kernel}. The snap_try_* values are cleared afterwards.
  • On a failing boot the bootloader will see snap_mode=trying which means snapd did not start successfully. In this case the bootloader will set snap_mode="" and the system will boot with the known good values from snap_{core,kernel}

func MarkFactoryResetComplete 

func MarkFactoryResetComplete(encrypted bool) error

MarkFactoryResetComplete runs a series of steps in a run system that complete a factory reset process.

func MarkRecoveryCapableSystem 

func MarkRecoveryCapableSystem(systemLabel string) error

MarkRecoveryCapableSystem records a given system as one that we can recover from.

func MockInitramfsReboot 

func MockInitramfsReboot(f func() error) (restore func())

func MockResealKeyToModeenv 

func MockResealKeyToModeenv(f func(rootdir string, modeenv *Modeenv, expectReseal bool, unlocker Unlocker) error) (restore func())

MockResealKeyToModeenv is only useful in testing.

func MockSealKeyToModeenv 

func MockSealKeyToModeenv(f func(key, saveKey keys.EncryptionKey, model *asserts.Model, modeenv *Modeenv, flags MockSealKeyToModeenvFlags) error) (restore func())

MockSealKeyToModeenv is used for testing from other packages.

func MockSecbootResealKeys 

func MockSecbootResealKeys(f func(params *secboot.ResealKeysParams) error) (restore func())

MockSecbootResealKeys is only useful in testing. Note that this is a very low level call and may need significant environment setup.

func ModeAndRecoverySystemFromKernelCommandLine 

func ModeAndRecoverySystemFromKernelCommandLine() (mode, sysLabel string, err error)

ModeAndRecoverySystemFromKernelCommandLine returns the current system mode and the recovery system label as passed in the kernel command line by the bootloader.

func PromoteTriedRecoverySystem 

func PromoteTriedRecoverySystem(dev snap.Device, systemLabel string, triedSystems []string) (err error)

PromoteTriedRecoverySystem promotes the provided recovery system to be recognized as a good one, and ensures that the system is present in the list of good recovery systems and current recovery systems in modeenv. The provided list of tried systems should contain the system in question. If the system uses encryption, the keys will updated state. If resealing fails, an attempt to restore the previous state is made

func Reboot 

func Reboot(action RebootAction, rebootDelay time.Duration, rebootInfo *RebootInfo) error

func SetRecoveryBootSystemAndMode 

func SetRecoveryBootSystemAndMode(dev snap.Device, systemLabel, mode string) error

SetRecoveryBootSystemAndMode configures the recovery bootloader to boot into the given recovery system in a particular mode. Returns ErrUnsupportedSystemMode when booting into a recovery system is not supported by the device.

func SetTryRecoverySystem 

func SetTryRecoverySystem(dev snap.Device, systemLabel string) (err error)

SetTryRecoverySystem sets up the boot environment for trying out a recovery system with given label in the context of the provided device. The call adds the new system to the list of current recovery systems in the modeenv, and optionally sets a try model, if the device model is different from the current one, which typically can happen during a remodel. Once done, the caller should request switching to the given recovery system.

func SnapTypeParticipatesInBoot 

func SnapTypeParticipatesInBoot(t snap.Type, dev snap.Device) bool

SnapTypeParticipatesInBoot returns whether a snap type participates in the boot for a given device.

func UnmarkRecoveryCapableSystem 

func UnmarkRecoveryCapableSystem(systemLabel string) error

UnmarkRecoveryCapableSystem removes a given system from the list of systems that we can recover from.

func UpdateCommandLineForGadgetComponent 

func UpdateCommandLineForGadgetComponent(dev snap.Device, gadgetSnapOrDir, cmdlineAppend string) (needsReboot bool, err error)

UpdateCommandLineForGadgetComponent handles the update of a gadget that contributes to the kernel command line of the run system (appending any additional kernel command line arguments coming from system options). Returns true when a change in command line has been observed and a reboot is needed. The reboot, if needed, should be requested at the the earliest possible occasion.

func UpdateManagedBootConfigs 

func UpdateManagedBootConfigs(dev snap.Device, gadgetSnapOrDir, cmdlineAppend string) (updated bool, err error)

UpdateManagedBootConfigs updates managed boot config assets if those are present for the ubuntu-boot bootloader. To do this it needs information from the model, the gadget we are updating to, and any additional kernel command line arguments coming from system options. Returns true when an update was carried out.

Types

type BootKernel 

type BootKernel interface {
	// RemoveKernelAssets removes the unpacked kernel/initrd for the given
	// kernel snap.
	RemoveKernelAssets() error
	// ExtractKernelAssets extracts kernel/initrd/dtb data from the given
	// kernel snap, if required, to a versioned bootloader directory so
	// that the bootloader can use it.
	ExtractKernelAssets(snap.Container) error
	// Is this a trivial implementation of the interface?
	IsTrivial() bool
}

A BootKernel handles the bootloader setup of a kernel.

func Kernel 

func Kernel(s snap.PlaceInfo, t snap.Type, dev snap.Device) BootKernel

Kernel checks that the given arguments refer to a kernel snap that participates in the boot process, and returns the associated BootKernel, or a trivial implementation otherwise.

type BootParticipant 

type BootParticipant interface {
	// SetNextBoot will schedule the snap to be used in the next
	// boot. bootCtx contains context information that influences how the
	// next boot is performed. For base snaps it is up to the caller to
	// select the right bootable base (from the model assertion). It is a
	// noop for not relevant snaps.  Otherwise it returns whether a reboot
	// is required.
	SetNextBoot(bootCtx NextBootContext) (rebootInfo RebootInfo, err error)

	// Is this a trivial implementation of the interface?
	IsTrivial() bool
}

A BootParticipant handles the boot process details for a snap involved in it.

func Participant 

func Participant(s snap.PlaceInfo, t snap.Type, dev snap.Device) BootParticipant

Participant figures out what the BootParticipant is for the given arguments, and returns it. If the snap does _not_ participate in the boot process, the returned object will be a NOP, so it's safe to call anything on it always.

Currently, on classic, nothing is a boot participant (returned will always be NOP).

type BootableSet 

type BootableSet struct {
	Base       *snap.Info
	BasePath   string
	Kernel     *snap.Info
	KernelPath string
	Gadget     *snap.Info
	GadgetPath string

	RecoverySystemLabel string
	// RecoverySystemDir is a path to a directory with recovery system
	// assets. The path is relative to the recovery bootloader root
	// directory.
	RecoverySystemDir string

	UnpackedGadgetDir string

	// Recovery is set when making the recovery partition bootable.
	Recovery bool
}

BootableSet represents the boot snaps of a system to be made bootable.

type InUseFunc 

type InUseFunc func(name string, rev snap.Revision) bool

InUseFunc is a function to check if the snap is in use or not.

func InUse 

func InUse(typ snap.Type, dev snap.Device) (InUseFunc, error)

InUse returns a checker for whether a given name/revision is used in the boot environment for snaps of the relevant snap type.

type MockSealKeyToModeenvFlags 

type MockSealKeyToModeenvFlags = sealKeyToModeenvFlags

MockSealKeyToModeenvFlags is used for testing from other packages.

type Modeenv 

type Modeenv struct {
	Mode           string `key:"mode"`
	RecoverySystem string `key:"recovery_system"`
	// CurrentRecoverySystems is a list of labels corresponding to recovery
	// systems that have been tested or are in the process of being tried,
	// thus only the run key is resealed for these systems.
	CurrentRecoverySystems []string `key:"current_recovery_systems"`
	// GoodRecoverySystems is a list of labels corresponding to recovery
	// systems that were tested and are prepared to use for recovering.
	// The fallback keys are resealed for these systems.
	GoodRecoverySystems []string `key:"good_recovery_systems"`
	Base                string   `key:"base"`
	TryBase             string   `key:"try_base"`
	BaseStatus          string   `key:"base_status"`
	// Gadget is the currently active gadget snap
	Gadget         string   `key:"gadget"`
	CurrentKernels []string `key:"current_kernels"`
	// Model, BrandID, Grade, SignKeyID describe the properties of current
	// device model.
	Model          string `key:"model"`
	BrandID        string `key:"model,secondary"`
	Classic        bool   `key:"classic"`
	Grade          string `key:"grade"`
	ModelSignKeyID string `key:"model_sign_key_id"`
	// TryModel, TryBrandID, TryGrade, TrySignKeyID describe the properties
	// of the candidate model.
	TryModel          string `key:"try_model"`
	TryBrandID        string `key:"try_model,secondary"`
	TryGrade          string `key:"try_grade"`
	TryModelSignKeyID string `key:"try_model_sign_key_id"`
	// BootFlags is the set of boot flags. Whether this applies for the current
	// or next boot is not indicated in the modeenv. When the modeenv is read in
	// the initramfs these flags apply to the current boot and are copied into
	// a file in /run that userspace should read instead of reading from this
	// key. When setting boot flags for the next boot, then this key will be
	// written to and used by the initramfs after rebooting.
	BootFlags []string `key:"boot_flags"`
	// CurrentTrustedBootAssets is a map of a run bootloader's asset names to
	// a list of hashes of the asset contents. Typically the first entry in
	// the list is a hash of an asset the system currently boots with (or is
	// expected to have booted with). The second entry, if present, is the
	// hash of an entry added when an update of the asset was being applied
	// and will become the sole entry after a successful boot.
	CurrentTrustedBootAssets bootAssetsMap `key:"current_trusted_boot_assets"`
	// CurrentTrustedRecoveryBootAssetsMap is a map of a recovery bootloader's
	// asset names to a list of hashes of the asset contents. Used similarly
	// to CurrentTrustedBootAssets.
	CurrentTrustedRecoveryBootAssets bootAssetsMap `key:"current_trusted_recovery_boot_assets"`
	// CurrentKernelCommandLines is a list of the expected kernel command
	// lines when booting into run mode. It will typically only be one
	// element for normal operations, but may contain two elements during
	// update scenarios.
	CurrentKernelCommandLines bootCommandLines `key:"current_kernel_command_lines"`
	// contains filtered or unexported fields
}

Modeenv is a file on UC20 that provides additional information about the current mode (run,recover,install)

func ReadModeenv 

func ReadModeenv(rootdir string) (*Modeenv, error)

ReadModeenv attempts to read the modeenv file at <rootdir>/var/lib/snapd/modeenv.

func (*Modeenv) Copy 

func (m *Modeenv) Copy() (*Modeenv, error)

Copy will make a deep copy of a Modeenv.

func (*Modeenv) ModelForSealing 

func (m *Modeenv) ModelForSealing() secboot.ModelForSealing

ModelForSealing returns a wrapper implementing github.com/snapcore/secboot.SnapModel interface which describes the current model.

func (*Modeenv) TryModelForSealing 

func (m *Modeenv) TryModelForSealing() secboot.ModelForSealing

TryModelForSealing returns a wrapper implementing github.com/snapcore/secboot.SnapModel interface which describes the candidate or try model.

func (*Modeenv) Write 

func (m *Modeenv) Write() error

Write outputs the modeenv to the file where it was read, only valid on modeenv that has been read.

func (*Modeenv) WriteTo 

func (m *Modeenv) WriteTo(rootdir string) error

WriteTo outputs the modeenv to the file at <rootdir>/var/lib/snapd/modeenv.

type NextBootContext 

type NextBootContext struct {
	// BootWithoutTry is sets if we don't want to use the "try" logic. This
	// is useful if the next boot is part of an installation undo.
	BootWithoutTry bool
}

NextBootContext carries additional significative information used when setting the next boot.

type RebootAction 

type RebootAction int
const (
	RebootReboot RebootAction = iota
	RebootHalt
	RebootPoweroff
)

func (RebootAction) String 

func (a RebootAction) String() string

type RebootInfo 

type RebootInfo struct {
	// RebootRequired is true if we need to reboot after an update.
	RebootRequired bool
	// BootloaderOptions will be used to find the correct bootloader when
	// checking for any set reboot arguments.
	BootloaderOptions *bootloader.Options
}

RebootInfo contains information about how to perform a reboot if required.

type RecoverySystemBootableSet 

type RecoverySystemBootableSet struct {
	Kernel          *snap.Info
	KernelPath      string
	GadgetSnapOrDir string
	// PrepareImageTime is true when the structure is being used when
	// preparing a bootable system image.
	PrepareImageTime bool
}

RecoverySystemBootableSet is a set of snaps relevant to booting a recovery system.

type TrustedAssetsInstallObserver 

type TrustedAssetsInstallObserver struct {
	// contains filtered or unexported fields
}

TrustedAssetsInstallObserver tracks the installation of trusted or managed boot assets.

func TrustedAssetsInstallObserverForModel 

func TrustedAssetsInstallObserverForModel(model *asserts.Model, gadgetDir string, useEncryption bool) (*TrustedAssetsInstallObserver, error)

TrustedAssetsInstallObserverForModel returns a new trusted assets observer for use during installation of the run mode system to track trusted and control managed assets, provided the device model indicates this might be needed. Otherwise, nil and ErrObserverNotApplicable is returned.

func (*TrustedAssetsInstallObserver) ChosenEncryptionKeys 

func (o *TrustedAssetsInstallObserver) ChosenEncryptionKeys(key, saveKey keys.EncryptionKey)

func (*TrustedAssetsInstallObserver) Observe 

func (o *TrustedAssetsInstallObserver) Observe(op gadget.ContentOperation, partRole, root, relativeTarget string, data *gadget.ContentChange) (gadget.ContentChangeAction, error)

Observe observes the operation related to the content of a given gadget structure. In particular, the TrustedAssetsInstallObserver tracks writing of trusted or managed boot assets, such as the bootloader binary which is measured as part of the secure boot or the bootloader configuration.

Implements gadget.ContentObserver.

func (*TrustedAssetsInstallObserver) ObserveExistingTrustedRecoveryAssets 

func (o *TrustedAssetsInstallObserver) ObserveExistingTrustedRecoveryAssets(recoveryRootDir string) error

ObserveExistingTrustedRecoveryAssets observes existing trusted assets of a recovery bootloader located inside a given root directory.

type TrustedAssetsUpdateObserver 

type TrustedAssetsUpdateObserver struct {
	// contains filtered or unexported fields
}

TrustedAssetsUpdateObserver tracks the updates of trusted boot assets and attempts to reseal when needed or preserves managed boot assets.

func TrustedAssetsUpdateObserverForModel 

func TrustedAssetsUpdateObserverForModel(model *asserts.Model, gadgetDir string) (*TrustedAssetsUpdateObserver, error)

TrustedAssetsUpdateObserverForModel returns a new trusted assets observer for tracking changes to the trusted boot assets and preserving managed assets, provided the device model indicates this might be needed. Otherwise, nil and ErrObserverNotApplicable is returned.

func (*TrustedAssetsUpdateObserver) BeforeWrite 

func (o *TrustedAssetsUpdateObserver) BeforeWrite() error

BeforeWrite is called when the update process has been staged for execution.

func (*TrustedAssetsUpdateObserver) Canceled 

func (o *TrustedAssetsUpdateObserver) Canceled() error

Canceled is called when the update has been canceled, or if changes were written and the update has been reverted.

func (*TrustedAssetsUpdateObserver) Done 

func (o *TrustedAssetsUpdateObserver) Done()

Done must be called when done with the observer if any of the gadget.ContenUpdateObserver methods might have been called.

func (*TrustedAssetsUpdateObserver) Observe 

func (o *TrustedAssetsUpdateObserver) Observe(op gadget.ContentOperation, partRole, root, relativeTarget string, data *gadget.ContentChange) (gadget.ContentChangeAction, error)

Observe observes the operation related to the update or rollback of the content of a given gadget structure. In particular, the TrustedAssetsUpdateObserver tracks updates of trusted boot assets such as bootloader binaries, or preserves managed assets such as boot configuration.

Implements gadget.ContentUpdateObserver.

type TryRecoverySystemOutcome 

type TryRecoverySystemOutcome int
const (
	TryRecoverySystemOutcomeFailure TryRecoverySystemOutcome = iota
	TryRecoverySystemOutcomeSuccess
	// TryRecoverySystemOutcomeInconsistent indicates that the booted try
	// recovery system state was incorrect and corresponding boot variables
	// need to be cleared
	TryRecoverySystemOutcomeInconsistent
	// TryRecoverySystemOutcomeNoneTried indicates a state in which no
	// recovery system has been tried
	TryRecoverySystemOutcomeNoneTried
)

func InspectTryRecoverySystemOutcome 

func InspectTryRecoverySystemOutcome(dev snap.Device) (outcome TryRecoverySystemOutcome, label string, err error)

InspectTryRecoverySystemOutcome obtains a tried recovery system status. When no recovery system has been tried, the outcome will be TryRecoverySystemOutcomeNoneTried. The caller is responsible for clearing the bootenv once the status bas been properly acted on.

type Unlocker 

type Unlocker func() (relock func())

Unlocker functions are passed from code using boot to indicate that global state should be unlocked during slow operations, e.g sealing/unsealing. Boot code is then expected to call the unlocker around the slow section and relock using the returned function. Unlocker being nil indicates not to do this.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.