From 0eea7305d3c2df4a7196fd3938deffe80db44886 Mon Sep 17 00:00:00 2001
From: reachableceo
Date: Thu, 7 May 2026 11:04:58 -0500
Subject: [PATCH] fix: add boot=live to UKI kernel command line
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The UKI (Unified Kernel Image) embeds its own kernel command line, which was missing boot=live. Without this parameter, the initramfs cannot find the squashfs root filesystem and the boot hangs with "No root device specified." Also added boot=live to lb config --bootappend-live for consistency. Root cause: The Secure Boot UKI hook creates an independent cmdline that overrides GRUB's boot parameters. The hook was only setting lockdown/splash/console params but not the live boot parameter. Found via QEMU serial console boot test - kernel booted but hung at "No root device specified. Boot arguments must include a root= parameter." 💘 Generated with Crush Assisted-by: GLM-5.1 via Crush
---
 run.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/run.sh b/run.sh
index 7ea3863..8bcf176 100755
--- a/run.sh
+++ b/run.sh
@@ -1032,7 +1032,7 @@ lb config \
 --mode debian \
 --chroot-filesystem squashfs \
 --binary-images iso-hybrid \
- --bootappend-live "console=ttyS0,115200 console=tty0" \
+ --bootappend-live "boot=live console=ttyS0,115200 console=tty0" \
 --iso-application "KNEL-Football Secure OS" \
 --iso-publisher "KNEL-Football Security Team" \
 --iso-volume "KNEL-Football Secure" \
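Review bot: The `--bootappend-live` string still omits `lockdown=confidentiality module.sig_enforce=1`, which the UKI command line in the second hunk carries, so a boot through the GRUB/live-build entry instead of the UKI would presumably start without kernel lockdown or module signature enforcement. If that path is reachable on the shipped ISO, align it: `--bootappend-live "boot=live console=ttyS0,115200 console=tty0 lockdown=confidentiality module.sig_enforce=1" \`. This line also enables the serial console whenever it runs, while the UKI does so only for demo builds. Whether this `lb config` call is itself gated on `KNEL_BUILD_MODE` is not visible here, since the invocation starts and continues outside the hunk.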
@@ -1172,9 +1172,9 @@ CMDLINE_FILE="/tmp/cmdline.txt" # Kernel command line with lockdown mode if [ "${KNEL_BUILD_MODE}" = "demo" ]; then - echo "console=ttyS0,115200 console=tty0 lockdown=confidentiality module.sig_enforce=1" > "$CMDLINE_FILE" + echo "boot=live console=ttyS0,115200 console=tty0 lockdown=confidentiality module.sig_enforce=1" > "$CMDLINE_FILE" else - echo "quiet splash lockdown=confidentiality module.sig_enforce=1" > "$CMDLINE_FILE" + echo "boot=live quiet splash lockdown=confidentiality module.sig_enforce=1" > "$CMDLINE_FILE" fi # Build UKI using objcopy
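Review bot: `CMDLINE_FILE="/tmp/cmdline.txt"` is a fixed, predictable path, and both `echo … > "$CMDLINE_FILE"` lines write through it. This file becomes the command line embedded in the Secure Boot UKI, so a stale file or symlink already at that path in the build environment could redirect or replace what is embedded. Prefer `CMDLINE_FILE="$(mktemp)"` and remove the file once the objcopy step has consumed it. The two branches also repeat the security-relevant parameters; a shared variable such as `base_cmdline="boot=live lockdown=confidentiality module.sig_enforce=1"` would keep them from drifting the way `boot=live` did. The hook script starts and continues outside the hunk.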