mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-24 23:26:44 +00:00
initrd/bin/kexec-sign-config: safeguard ops between remounting /boot rw/ro
Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
parent
38b3db451f
commit
4ec37e7bbb
@ -27,6 +27,9 @@ assert_signable
|
|||||||
|
|
||||||
confirm_gpg_card
|
confirm_gpg_card
|
||||||
|
|
||||||
|
# remount /boot as rw
|
||||||
|
mount -o remount,rw /boot
|
||||||
|
|
||||||
# update hashes in /boot before signing
|
# update hashes in /boot before signing
|
||||||
if [ "$update" = "y" ]; then
|
if [ "$update" = "y" ]; then
|
||||||
(
|
(
|
||||||
@ -81,8 +84,15 @@ for tries in 1 2 3; do
|
|||||||
; then
|
; then
|
||||||
# successful - update the validated params
|
# successful - update the validated params
|
||||||
check_config $paramsdir
|
check_config $paramsdir
|
||||||
|
|
||||||
|
# remount /boot as ro
|
||||||
|
mount -o remount,ro /boot
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# remount /boot as ro
|
||||||
|
mount -o remount,ro /boot
|
||||||
|
|
||||||
die "$paramsdir: Unable to sign kexec hashes"
|
die "$paramsdir: Unable to sign kexec hashes"
|
||||||
|
Loading…
Reference in New Issue
Block a user