Class: Bootloader::SystemdBoot

Inherits:

BootloaderBase

• Object
• BootloaderBase
• Bootloader::SystemdBoot

Includes:

Yast::I18n, Yast::Logger

Defined in:

src/lib/bootloader/systemdboot.rb

Overview

Represents systemd bootloader with efi target

Constant Summary

CMDLINE =

"/etc/kernel/cmdline"

Instance Attribute Summary

• #menu_timeout ⇒ Integer

  Menu timeout.

• #secure_boot ⇒ Boolean

  Current secure boot setting.

Instance Method Summary

• #cpu_mitigations ⇒ Object

  rubocop:enable Metrics/AbcSize.

• #cpu_mitigations=(value) ⇒ Object
• #delete ⇒ Object
• #explicit_cpu_mitigations ⇒ Object
• #initialize ⇒ SystemdBoot constructor

  A new instance of SystemdBoot.

• #kernel_params ⇒ Object
• #merge(other) ⇒ Object

  rubocop:disable Metrics/AbcSize.

• #name ⇒ Object
• #packages ⇒ Object
• #propose ⇒ Object
• #read ⇒ Object
• #secure_boot_summary ⇒ String

  Secure boot setting shown in summary screen.

• #status_string(status) ⇒ Object
• #summary ⇒ Object

  Display bootloader summary.

• #write(etc_only: false) ⇒ Object

  Write bootloader settings to disk.

• #write_sysconfig(prewrite: false) ⇒ Object

  overwrite BootloaderBase version to save secure boot.

Methods inherited from BootloaderBase

#prepare, #proposed?, #read?

Constructor Details

#initialize ⇒ SystemdBoot

Returns a new instance of SystemdBoot.

# File 'src/lib/bootloader/systemdboot.rb', line 32

def initialize
  super

  textdomain "bootloader"
  # For kernel parameters we are using the same data structure
  # like grub2 in order to be compatible with all calls.
  @kernel_container = ::CFA::Grub2::Default.new
  @explicit_cpu_mitigations = false
end

Instance Attribute Details

#menu_timeout ⇒ Integer

Returns menu timeout.

Returns:

• (Integer) —

  menu timeout

# File 'src/lib/bootloader/systemdboot.rb', line 26

def menu_timeout
  @menu_timeout
end

#secure_boot ⇒ Boolean

Returns current secure boot setting.

Returns:

• (Boolean) —

  current secure boot setting

# File 'src/lib/bootloader/systemdboot.rb', line 30

def secure_boot
  @secure_boot
end

Instance Method Details

#cpu_mitigations ⇒ Object

rubocop:enable Metrics/AbcSize

# File 'src/lib/bootloader/systemdboot.rb', line 81

def cpu_mitigations
  CpuMitigations.from_kernel_params(kernel_params)
end

#cpu_mitigations=(value) ⇒ Object

# File 'src/lib/bootloader/systemdboot.rb', line 89

def cpu_mitigations=(value)
  log.info "set mitigations to #{value.to_human_string}"
  @explicit_cpu_mitigations = true
  value.modify_kernel_params(kernel_params)
end

#delete ⇒ Object

# File 'src/lib/bootloader/systemdboot.rb', line 186

def delete
  log.warn("is currently not supported")
end

#explicit_cpu_mitigations ⇒ Object

# File 'src/lib/bootloader/systemdboot.rb', line 85

def explicit_cpu_mitigations
  @explicit_cpu_mitigations ? cpu_mitigations : nil
end

#kernel_params ⇒ Object

# File 'src/lib/bootloader/systemdboot.rb', line 42

def kernel_params
  @kernel_container.kernel_params
end

#merge(other) ⇒ Object

rubocop:disable Metrics/AbcSize

# File 'src/lib/bootloader/systemdboot.rb', line 47

def merge(other)
  log.info "merging: timeout: #{menu_timeout}=>#{other.menu_timeout}"
  log.info "         secure_boot: #{secure_boot}=>#{other.secure_boot}"
  log.info "         mitigations: #{cpu_mitigations.to_human_string}=>" \
           "#{other.cpu_mitigations.to_human_string}"
  log.info "         kernel_params: #{kernel_params.serialize}=>" \
           "#{other.kernel_params.serialize}"
  super
  self.menu_timeout = other.menu_timeout unless other.menu_timeout.nil?
  self.secure_boot = other.secure_boot unless other.secure_boot.nil?

  kernel_serialize = kernel_params.serialize
  # handle specially noresume as it should lead to remove all other resume
  kernel_serialize.gsub!(/resume=\S+/, "") if other.kernel_params.parameter("noresume")

  # prevent double cpu_mitigations params
  kernel_serialize.gsub!(/mitigations=\S+/, "") if other.kernel_params.parameter("mitigations")

  new_kernel_params = "#{kernel_serialize} #{other.kernel_params.serialize}"
  # deduplicate identicatel parameter. Keep always the last one ( so reverse is needed ).
  new_params = new_kernel_params.split.reverse.uniq.reverse.join(" ")

  @kernel_container.kernel_params.replace(new_params)

  # explicitly set mitigations means overwrite of our
  self.cpu_mitigations = other.cpu_mitigations if other.explicit_cpu_mitigations

  log.info "merging result: timeout: #{menu_timeout}"
  log.info "                secure_boot: #{secure_boot}"
  log.info "                mitigations: #{cpu_mitigations.to_human_string}"
  log.info "                kernel_params: #{kernel_params.serialize}"
end

#name ⇒ Object

# File 'src/lib/bootloader/systemdboot.rb', line 168

def name
  "systemd-boot"
end

#packages ⇒ Object

# File 'src/lib/bootloader/systemdboot.rb', line 172

def packages
  res = super
  res << "sdbootutil" << "systemd-boot"

  case Yast::Arch.architecture
  when "x86_64"
    res << "shim" if secure_boot
  else
    log.warn "Unknown architecture #{Yast::Arch.architecture} for systemdboot"
  end

  res
end

#propose ⇒ Object

# File 'src/lib/bootloader/systemdboot.rb', line 122

def propose
  super
  log.info("Propose settings...")
  if @kernel_container.kernel_params.empty?
    kernel_line = Yast::BootArch.DefaultKernelParams(Yast::BootStorage.propose_resume)
    @kernel_container.kernel_params.replace(kernel_line)
  end
  self.menu_timeout = Yast::ProductFeatures.GetIntegerFeature("globals", "boot_timeout").to_i
  self.secure_boot = Systeminfo.secure_boot_supported?
end

#read ⇒ Object

# File 'src/lib/bootloader/systemdboot.rb', line 95

def read
  super

  read_menu_timeout
  self.secure_boot = Systeminfo.secure_boot_active?

  lines = ""
  filename = File.join(Yast::Installation.destdir, CMDLINE)
  if File.exist?(filename)
    File.open(filename).each do |line|
      lines = + line
    end
  end
  @kernel_container.kernel_params.replace(lines)
end

#secure_boot_summary ⇒ String

Secure boot setting shown in summary screen. sdbootutil intialize secure boot if shim has been installed.

Returns:

• (String)

# File 'src/lib/bootloader/systemdboot.rb', line 145

def secure_boot_summary
  link = if secure_boot
    "<a href=\"disable_secure_boot\">(#{_("disable")})</a>"
  else
    "<a href=\"enable_secure_boot\">(#{_("enable")})</a>"
  end

  "#{_("Secure Boot:")} #{status_string(secure_boot)} #{link}"
end

#status_string(status) ⇒ Object

# File 'src/lib/bootloader/systemdboot.rb', line 133

def status_string(status)
  if status
    _("enabled")
  else
    _("disabled")
  end
end

#summary ⇒ Object

Display bootloader summary

Returns:

• a list of summary lines

# File 'src/lib/bootloader/systemdboot.rb', line 157

def summary(*)
  result = [
    Yast::Builtins.sformat(
      _("Boot Loader Type: %1"),
      "Systemd Boot"
    )
  ]
  result << secure_boot_summary if Systeminfo.secure_boot_available?(name)
  result
end

#write(etc_only: false) ⇒ Object

Write bootloader settings to disk

# File 'src/lib/bootloader/systemdboot.rb', line 112

def write(etc_only: false)
  super
  log.info("Writing settings...")
  install_bootloader if Yast::Stage.initial # while new installation only (currently)
  create_menu_entries
  write_menu_timeout

  true
end

#write_sysconfig(prewrite: false) ⇒ Object

overwrite BootloaderBase version to save secure boot

# File 'src/lib/bootloader/systemdboot.rb', line 191

def write_sysconfig(prewrite: false)
  sysconfig = Bootloader::Sysconfig.new(bootloader: name,
    secure_boot: secure_boot, trusted_boot: false,
    update_nvram: false)
  prewrite ? sysconfig.pre_write : sysconfig.write
end