Closed smoser closed 2 years ago
Ugh. Don't merge this now.
It seems that when shim executes kernel.efi then we are not getting the name of 'kernel.efi' in cmdline. That only happens when we are launched as 'kernel.efi arg1 arg2' from the cli.
I'll separate out the print related fixes and do a PR for those.
Then, later, I'll look again at this. I found that shim has some code for dealing with it. https://github.com/rhboot/shim/blob/main/load-options.c#L306
I'll separate out the print related fixes and do a PR for those.
That is available now in #17.
Closing this in favor of #18.
When stubby uses a builtin command line, the command line presented to the kernel would contain only the arguments (console=ttyS0 root=/dev/sda).
But when reading from the efi LoadOptions, it would contain the executable name (kernel.efi or bootx64.efi) in addition to any arguments found there.
The string 'kernel.efi' did not look like an allowed argument, so it would be denied.
We could have just not checked arg0 against the allowed list, but then what happens when someone names their kernel.efi file 'init=bin/sh'? They could rename the filename without invalidating the signature. Better to just not provide the kernel with the name of the file.
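The arg0 handling described above, as an added example that is not stubby's code: the executable name is dropped before the allow-list check, so it is never validated and never reaches the kernel. Assumptions: plain ASCII strings instead of EFI UCS-2, a hypothetical allow-list of `console=` and `root=`, and a `has_arg0` flag supplied by the caller, since LoadOptions does not always carry the name.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical allow-list (not stubby's real one): permitted "key=" prefixes. */
static const char *const ALLOWED[] = { "console=", "root=" };

static int token_allowed(const char *tok, size_t len) {
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        size_t n = strlen(ALLOWED[i]);
        if (len > n && strncmp(tok, ALLOWED[i], n) == 0)
            return 1;
    }
    return 0;
}

/* Copy the allowed arguments of `in` to `out`. When has_arg0 is nonzero the
 * first token (the file name, which the signature does not cover) is skipped
 * unchecked and uncopied. Returns 0, or -1 on a denied token or short buffer. */
int build_cmdline(const char *in, int has_arg0, char *out, size_t outsz) {
    size_t used = 0;
    int skip = has_arg0;
    if (outsz == 0) return -1;
    out[0] = '\0';
    for (;;) {
        in += strspn(in, " \t");
        size_t len = strcspn(in, " \t");
        if (len == 0) return 0;                      /* end of input */
        if (skip) { skip = 0; in += len; continue; } /* drop arg0 */
        if (!token_allowed(in, len) || used + len + 2 > outsz) {
            out[0] = '\0';                           /* fail closed */
            return -1;
        }
        if (used) out[used++] = ' ';
        memcpy(out + used, in, len);
        used += len;
        out[used] = '\0';
        in += len;
    }
}

int main(void) {
    char out[128];
    /* Constructed LoadOptions: the file was renamed to look like an argument. */
    int rc = build_cmdline("init=bin/sh console=ttyS0 root=/dev/sda", 1, out, sizeof out);
    printf("rc=%d cmdline='%s'\n", rc, out);
    return 0;
}
```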