ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 21:17:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

initrd/bin/kexec-sign-config: safeguard ops between remounting /boot rw/ro

Browse Source 
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
Thierry Laurion 2024-12-09 13:42:58 -05:00
parent 38b3db451f
commit 4ec37e7bbb
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
initrd/bin/kexec-sign-config
View File

@ -27,6 +27,9 @@ assert_signable
confirm_gpg_card
# remount /boot as rw
mount -o remount,rw /boot
# update hashes in /boot before signing
if [ "$update" = "y" ]; then
(
@ -81,8 +84,15 @@ for tries in 1 2 3; do
; then
# successful - update the validated params
check_config $paramsdir
# remount /boot as ro
mount -o remount,ro /boot
exit 0
fi
done
# remount /boot as ro
mount -o remount,ro /boot
die "$paramsdir: Unable to sign kexec hashes"