composefs-boot: support writing insecure composefs cmdline

croissanne · allisonkarlitskaya · commit 0cacbc974018 · 2025-06-24T15:13:09.000+02:00
Supports writing `composefs=?&lt;root-id&gt;`.

Signed-off-by: Sanne Raymaekers &lt;sanne.raymaekers@gmail.com&gt;
diff --git a/crates/cfsctl/src/main.rs b/crates/cfsctl/src/main.rs
@@ -291,6 +291,7 @@ async fn main() -> Result<()> {
                     &repo,
                     entry,
                     &id,
+                    args.insecure,
                     bootdir,
                     None,
                     entry_id.as_deref(),
diff --git a/crates/composefs-boot/src/bootloader.rs b/crates/composefs-boot/src/bootloader.rs
@@ -11,7 +11,7 @@ use composefs::{
     tree::{Directory, FileSystem, ImageError, Inode, LeafContent, RegularFile},
 };
 
-use crate::cmdline::split_cmdline;
+use crate::cmdline::{make_cmdline_composefs, split_cmdline};
 
 /// Strips the key (if it matches) plus the following whitespace from a single line in a "Type #1
 /// Boot Loader Specification Entry" file.
@@ -101,9 +101,9 @@ impl BootLoaderEntryFile {
 
     /// Adjusts the kernel command-line arguments by adding a composefs= parameter (if appropriate)
     /// and adding additional arguments, as requested.
-    pub fn adjust_cmdline(&mut self, composefs: Option<&str>, extra: &[&str]) {
+    pub fn adjust_cmdline(&mut self, composefs: Option<&str>, insecure: bool, extra: &[&str]) {
         if let Some(id) = composefs {
-            self.add_cmdline(&format!("composefs={id}"));
+            self.add_cmdline(&make_cmdline_composefs(id, insecure));
         }
 
         for item in extra {
diff --git a/crates/composefs-boot/src/cmdline.rs b/crates/composefs-boot/src/cmdline.rs
@@ -38,3 +38,10 @@ pub fn get_cmdline_composefs<ObjectID: FsVerityHashValue>(
         Ok((ObjectID::from_hex(id)?, false))
     }
 }
+
+pub fn make_cmdline_composefs(id: &str, insecure: bool) -> String {
+    match insecure {
+        true => format!("composefs=?{}", id),
+        false => format!("composefs={}", id),
+    }
+}
diff --git a/crates/composefs-boot/src/write_boot.rs b/crates/composefs-boot/src/write_boot.rs
@@ -3,13 +3,13 @@ use std::{
     path::Path,
 };
 
-use anyhow::{bail, ensure, Result};
+use anyhow::{ensure, Result};
 
 use composefs::{fsverity::FsVerityHashValue, repository::Repository};
 
 use crate::{
     bootloader::{read_file, BootEntry, Type1Entry, Type2Entry},
-    cmdline::get_cmdline_value,
+    cmdline::get_cmdline_composefs,
     uki,
 };
 
@@ -18,6 +18,7 @@ pub fn write_t1_simple<ObjectID: FsVerityHashValue>(
     bootdir: &Path,
     boot_subdir: Option<&str>,
     root_id: &ObjectID,
+    insecure: bool,
     cmdline_extra: &[&str],
     repo: &Repository<ObjectID>,
 ) -> Result<()> {
@@ -29,7 +30,7 @@ pub fn write_t1_simple<ObjectID: FsVerityHashValue>(
     };
 
     t1.entry
-        .adjust_cmdline(Some(&root_id.to_hex()), cmdline_extra);
+        .adjust_cmdline(Some(&root_id.to_hex()), insecure, cmdline_extra);
 
     // Write the content before we write the loader entry
     for (filename, file) in &t1.files {
@@ -59,13 +60,11 @@ pub fn write_t2_simple<ObjectID: FsVerityHashValue>(
     create_dir_all(&efi_linux)?;
     let filename = efi_linux.join(t2.filename.as_ref());
     let content = read_file(&t2.file, repo)?;
-    let Some(composefs) = get_cmdline_value(uki::get_cmdline(&content)?, "composefs=") else {
-        bail!("The UKI is missing a composefs= commandline parameter");
-    };
-    let expected = root_id.to_hex();
+    let (composefs, _) = get_cmdline_composefs::<ObjectID>(uki::get_cmdline(&content)?)?;
+
     ensure!(
-        composefs == expected,
-        "The UKI has the wrong composefs= parameter (is '{composefs}', should be {expected})"
+        &composefs == root_id,
+        "The UKI has the wrong composefs= parameter (is '{composefs:?}', should be {root_id:?})"
     );
     write(filename, content)?;
     Ok(())
@@ -99,10 +98,12 @@ pub fn write_t2_simple<ObjectID: FsVerityHashValue>(
 /// * entry_id       - In case of a BLS entry, the name of file to be generated in `loader/entries`
 /// * cmdline_extra  - Extra kernel command line arguments
 ///
+#[allow(clippy::too_many_arguments)]
 pub fn write_boot_simple<ObjectID: FsVerityHashValue>(
     repo: &Repository<ObjectID>,
     entry: BootEntry<ObjectID>,
     root_id: &ObjectID,
+    insecure: bool,
     boot_partition: &Path,
     boot_subdir: Option<&str>,
     entry_id: Option<&str>,
@@ -118,6 +119,7 @@ pub fn write_boot_simple<ObjectID: FsVerityHashValue>(
                 boot_partition,
                 boot_subdir,
                 root_id,
+                insecure,
                 cmdline_extra,
                 repo,
             )?;
@@ -140,6 +142,7 @@ pub fn write_boot_simple<ObjectID: FsVerityHashValue>(
                 boot_partition,
                 boot_subdir,
                 root_id,
+                insecure,
                 cmdline_extra,
                 repo,
             )?;

Original file line number	Diff line number	Diff line change
`@@ -38,3 +38,10 @@ pub fn get_cmdline_composefs<ObjectID: FsVerityHashValue>(`
`38`	`38`	`Ok((ObjectID::from_hex(id)?, false))`
`39`	`39`	`}`
`40`	`40`	`}`
	`41`	`+`
	`42`	`+pub fn make_cmdline_composefs(id: &str, insecure: bool) -> String {`
	`43`	`+ match insecure {`
	`44`	`+ true => format!("composefs=?{}", id),`
	`45`	`+ false => format!("composefs={}", id),`
	`46`	`+ }`
	`47`	`+}`