initrd/bin/kexec-sign-config: safeguard ops between remounting /boot rw/ro

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
This commit is contained in:
Thierry Laurion 2024-12-09 13:42:58 -05:00
parent 38b3db451f
commit 4ec37e7bbb
No known key found for this signature in database
GPG Key ID: 9A53E1BB3FF00461

View File

@ -27,6 +27,9 @@ assert_signable
confirm_gpg_card confirm_gpg_card
# remount /boot as rw
mount -o remount,rw /boot
# update hashes in /boot before signing # update hashes in /boot before signing
if [ "$update" = "y" ]; then if [ "$update" = "y" ]; then
( (
@ -81,8 +84,15 @@ for tries in 1 2 3; do
; then ; then
# successful - update the validated params # successful - update the validated params
check_config $paramsdir check_config $paramsdir
# remount /boot as ro
mount -o remount,ro /boot
exit 0 exit 0
fi fi
done done
# remount /boot as ro
mount -o remount,ro /boot
die "$paramsdir: Unable to sign kexec hashes" die "$paramsdir: Unable to sign kexec hashes"