ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2025-02-20 09:16:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

functions: fix handling of checksum update fail

Browse Source 
If kexec-sign-config fails due to GPG key not present,
the double die() results in a kernel panic (and if it didn't,
/boot would be left mounted RW). Fix this by removing call to
die() and ensuring /boot remounted RO regardless checksum
update success or failure.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>
This commit is contained in:
Matt DeVillier 2019-11-13 17:28:12 -06:00
parent 018279b2bf
commit 4d32b4adf8
No known key found for this signature in database
GPG Key ID: 2BBB776A35B978FD
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
initrd/etc/functions
View File

@ -287,8 +287,10 @@ update_checksums()
if [ "$CONFIG_TPM" = "y" ]; then
extparam=-u
fi
kexec-sign-config -p /boot $extparam \
|| die "Failed to sign default config"
if ! kexec-sign-config -p /boot $extparam ; then
echo "Failed to sign default config; press Enter to continue."
read
fi
# switch back to ro mode
mount -o ro,remount /boot