mirror of https://github.com/linuxboot/heads.git
synced 2024-12-19 21:17:55 +00:00
61609ff709
The early recovery shell ("hold R") and serial recovery both could bypass Restricted Boot since they occurred before config.user was loaded. Load config.user earlier before these recovery methods.

Executing a shell directly (if recovery failed) also would bypass Restricted Boot, additionally leaking /tmp/secret. Remove this from the early recovery shell logic. Also remove the final failsafe exec and move the "just in case" recovery from normal boot here instead, in case the regular init script fails.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>

.gnupg
bin
etc
run/cryptsetup
sbin
.ash_history
init
mount-boot