diff --git a/nix/modules/lanzaboote.nix b/nix/modules/lanzaboote.nix index cc7ab25d..5029549b 100644 --- a/nix/modules/lanzaboote.nix +++ b/nix/modules/lanzaboote.nix @@ -15,6 +15,12 @@ let loaderConfigFile = loaderSettingsFormat.generate "loader.conf" cfg.settings; configurationLimit = if cfg.configurationLimit == null then 0 else cfg.configurationLimit; + + bootMountPoint = + if config.boot.loader.systemd-boot.xbootldrMountPoint != null then + config.boot.loader.systemd-boot.xbootldrMountPoint + else + config.boot.loader.efi.efiSysMountPoint; in { options.boot.lanzaboote = { @@ -139,6 +145,7 @@ in --private-key ${cfg.privateKeyFile} \ --configuration-limit ${toString configurationLimit} \ ${config.boot.loader.efi.efiSysMountPoint} \ + ${bootMountPoint} \ /nix/var/nix/profiles/system-*-link ''; }; diff --git a/rust/tool/shared/src/esp.rs b/rust/tool/shared/src/esp.rs index dbab2ccb..337ba9cb 100644 --- a/rust/tool/shared/src/esp.rs +++ b/rust/tool/shared/src/esp.rs @@ -5,7 +5,7 @@ use crate::architecture::Architecture; /// Generic ESP paths which can be specific to a bootloader pub trait EspPaths { /// Build an ESP path structure out of the ESP root directory - fn new(esp: impl AsRef, arch: Architecture) -> Self; + fn new(esp: impl AsRef, boot: impl AsRef, arch: Architecture) -> Self; /// Return the used file paths to store as garbage collection roots. fn iter(&self) -> std::array::IntoIter<&PathBuf, N>; diff --git a/rust/tool/shared/src/pe.rs b/rust/tool/shared/src/pe.rs index a2d202c0..9979e8ae 100644 --- a/rust/tool/shared/src/pe.rs +++ b/rust/tool/shared/src/pe.rs @@ -34,7 +34,7 @@ impl StubParameters { initrd_path: &Path, kernel_target: &Path, initrd_target: &Path, - esp: &Path, + boot: &Path, ) -> Result { // Resolve maximally those paths // We won't verify they are store paths, otherwise the mocking strategy will fail for our @@ -44,8 +44,8 @@ impl StubParameters { lanzaboote_store_path: lanzaboote_stub.to_path_buf(), kernel_store_path: kernel_path.to_path_buf(), initrd_store_path: initrd_path.to_path_buf(), - kernel_path_at_esp: esp_relative_uefi_path(esp, kernel_target)?, - initrd_path_at_esp: esp_relative_uefi_path(esp, initrd_target)?, + kernel_path_at_esp: esp_relative_uefi_path(boot, kernel_target)?, + initrd_path_at_esp: esp_relative_uefi_path(boot, initrd_target)?, kernel_cmdline: Vec::new(), os_release_contents: Vec::new(), }) diff --git a/rust/tool/systemd/src/cli.rs b/rust/tool/systemd/src/cli.rs index 6fab4f5a..5b639350 100644 --- a/rust/tool/systemd/src/cli.rs +++ b/rust/tool/systemd/src/cli.rs @@ -57,6 +57,10 @@ struct InstallCommand { /// EFI system partition mountpoint (e.g. efiSysMountPoint) esp: PathBuf, + /// $BOOT as per [Boot Loader Specification](https://uapi-group.org/specifications/specs/boot_loader_specification/#the-boot-partition-placeholder) + /// (i.e. xbootldrMountPoint if exists, otherwise efiSysMountPoint) + boot: PathBuf, + /// List of generation links (e.g. /nix/var/nix/profiles/system-*-link) generations: Vec, } @@ -103,6 +107,7 @@ fn install(args: InstallCommand) -> Result<()> { local_signer, args.configuration_limit, args.esp, + args.boot, args.generations, ) .install() diff --git a/rust/tool/systemd/src/esp.rs b/rust/tool/systemd/src/esp.rs index 7227367f..2c439d87 100644 --- a/rust/tool/systemd/src/esp.rs +++ b/rust/tool/systemd/src/esp.rs @@ -9,6 +9,8 @@ use lanzaboote_tool::esp::EspPaths; pub struct SystemdEspPaths { pub esp: PathBuf, pub efi: PathBuf, + pub boot: PathBuf, + pub boot_efi: PathBuf, pub nixos: PathBuf, pub linux: PathBuf, pub efi_fallback_dir: PathBuf, @@ -19,26 +21,30 @@ pub struct SystemdEspPaths { pub systemd_boot_loader_config: PathBuf, } -impl EspPaths<10> for SystemdEspPaths { - fn new(esp: impl AsRef, architecture: Architecture) -> Self { +impl EspPaths<12> for SystemdEspPaths { + fn new(esp: impl AsRef, boot: impl AsRef, architecture: Architecture) -> Self { let esp = esp.as_ref(); - let efi = esp.join("EFI"); - let efi_nixos = efi.join("nixos"); - let efi_linux = efi.join("Linux"); - let efi_systemd = efi.join("systemd"); - let efi_efi_fallback_dir = efi.join("BOOT"); + let boot = boot.as_ref(); + let esp_efi = esp.join("EFI"); + let boot_efi = boot.join("EFI"); + let boot_efi_nixos = boot_efi.join("nixos"); + let boot_efi_linux = boot_efi.join("Linux"); + let esp_efi_systemd = esp_efi.join("systemd"); + let esp_efi_efi_fallback_dir = esp_efi.join("BOOT"); let loader = esp.join("loader"); let systemd_boot_loader_config = loader.join("loader.conf"); Self { esp: esp.to_path_buf(), - efi, - nixos: efi_nixos, - linux: efi_linux, - efi_fallback_dir: efi_efi_fallback_dir.clone(), - efi_fallback: efi_efi_fallback_dir.join(architecture.efi_fallback_filename()), - systemd: efi_systemd.clone(), - systemd_boot: efi_systemd.join(architecture.systemd_filename()), + efi: esp_efi, + boot: boot.to_path_buf(), + boot_efi, + nixos: boot_efi_nixos, + linux: boot_efi_linux, + efi_fallback_dir: esp_efi_efi_fallback_dir.clone(), + efi_fallback: esp_efi_efi_fallback_dir.join(architecture.efi_fallback_filename()), + systemd: esp_efi_systemd.clone(), + systemd_boot: esp_efi_systemd.join(architecture.systemd_filename()), loader, systemd_boot_loader_config, } @@ -52,10 +58,12 @@ impl EspPaths<10> for SystemdEspPaths { &self.linux } - fn iter(&self) -> std::array::IntoIter<&PathBuf, 10> { + fn iter(&self) -> std::array::IntoIter<&PathBuf, 12> { [ &self.esp, &self.efi, + &self.boot, + &self.boot_efi, &self.nixos, &self.linux, &self.efi_fallback_dir, diff --git a/rust/tool/systemd/src/install.rs b/rust/tool/systemd/src/install.rs index dbbfe912..9cbbdc73 100644 --- a/rust/tool/systemd/src/install.rs +++ b/rust/tool/systemd/src/install.rs @@ -47,10 +47,11 @@ impl Installer { signer: S, configuration_limit: usize, esp: PathBuf, + boot: PathBuf, generation_links: Vec, ) -> Self { let mut gc_roots = Roots::new(); - let esp_paths = SystemdEspPaths::new(esp, arch); + let esp_paths = SystemdEspPaths::new(esp, boot, arch); gc_roots.extend(esp_paths.iter()); Self { @@ -253,7 +254,7 @@ impl Installer { &initrd_location, &kernel_target, &initrd_target, - &self.esp_paths.esp, + &self.esp_paths.boot, )? .with_cmdline(&kernel_cmdline) .with_os_release_contents(os_release_contents.as_bytes()); @@ -283,11 +284,11 @@ impl Installer { let stub = fs::read(&stub_target) .with_context(|| format!("Failed to read the stub: {}", stub_target.display()))?; let kernel_path = resolve_efi_path( - &self.esp_paths.esp, + &self.esp_paths.boot, pe::read_section_data(&stub, ".linux").context("Missing kernel path.")?, )?; let initrd_path = resolve_efi_path( - &self.esp_paths.esp, + &self.esp_paths.boot, pe::read_section_data(&stub, ".initrd").context("Missing initrd path.")?, )?; diff --git a/rust/tool/systemd/tests/integration/common.rs b/rust/tool/systemd/tests/integration/common.rs index 45e0611b..5ec1a6e5 100644 --- a/rust/tool/systemd/tests/integration/common.rs +++ b/rust/tool/systemd/tests/integration/common.rs @@ -138,6 +138,7 @@ fn random_string(length: usize) -> String { pub fn lanzaboote_install( config_limit: u64, esp_mountpoint: &Path, + boot_mountpoint: &Path, generation_links: impl IntoIterator>, ) -> Result { // To simplify the test setup, we use the systemd stub here instead of the lanzaboote stub. See @@ -172,6 +173,7 @@ pub fn lanzaboote_install( .arg("--configuration-limit") .arg(config_limit.to_string()) .arg(esp_mountpoint) + .arg(boot_mountpoint) .args(generation_links) .output()?; diff --git a/rust/tool/systemd/tests/integration/gc.rs b/rust/tool/systemd/tests/integration/gc.rs index ed6d32ab..d836102a 100644 --- a/rust/tool/systemd/tests/integration/gc.rs +++ b/rust/tool/systemd/tests/integration/gc.rs @@ -9,6 +9,7 @@ use crate::common::{self, count_files}; #[test] fn keep_only_configured_number_of_generations() -> Result<()> { let esp_mountpoint = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let generation_links: Vec = [1, 2, 3] @@ -18,11 +19,17 @@ fn keep_only_configured_number_of_generations() -> Result<()> { .expect("Failed to setup generation link") }) .collect(); - let stub_count = || count_files(&esp_mountpoint.path().join("EFI/Linux")).unwrap(); - let kernel_and_initrd_count = || count_files(&esp_mountpoint.path().join("EFI/nixos")).unwrap(); + let stub_count = || count_files(&boot_mountpoint.path().join("EFI/Linux")).unwrap(); + let kernel_and_initrd_count = + || count_files(&boot_mountpoint.path().join("EFI/nixos")).unwrap(); // Install all 3 generations. - let output0 = common::lanzaboote_install(0, esp_mountpoint.path(), generation_links.clone())?; + let output0 = common::lanzaboote_install( + 0, + esp_mountpoint.path(), + boot_mountpoint.path(), + generation_links.clone(), + )?; assert!(output0.status.success()); assert_eq!(stub_count(), 3, "Wrong number of stubs after installation"); assert_eq!( @@ -33,7 +40,12 @@ fn keep_only_configured_number_of_generations() -> Result<()> { // Call `lanzatool install` again with a config limit of 2 and assert that one is deleted. // In addition, the garbage kernel should be deleted as well. - let output1 = common::lanzaboote_install(2, esp_mountpoint.path(), generation_links)?; + let output1 = common::lanzaboote_install( + 2, + esp_mountpoint.path(), + boot_mountpoint.path(), + generation_links, + )?; assert!(output1.status.success()); assert_eq!(stub_count(), 2, "Wrong number of stubs after gc."); assert_eq!( @@ -48,6 +60,7 @@ fn keep_only_configured_number_of_generations() -> Result<()> { #[test] fn delete_garbage_kernel() -> Result<()> { let esp_mountpoint = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let generation_links: Vec = [1, 2, 3] @@ -57,22 +70,33 @@ fn delete_garbage_kernel() -> Result<()> { .expect("Failed to setup generation link") }) .collect(); - let stub_count = || count_files(&esp_mountpoint.path().join("EFI/Linux")).unwrap(); - let kernel_and_initrd_count = || count_files(&esp_mountpoint.path().join("EFI/nixos")).unwrap(); + let stub_count = || count_files(&boot_mountpoint.path().join("EFI/Linux")).unwrap(); + let kernel_and_initrd_count = + || count_files(&boot_mountpoint.path().join("EFI/nixos")).unwrap(); // Install all 3 generations. - let output0 = common::lanzaboote_install(0, esp_mountpoint.path(), generation_links.clone())?; + let output0 = common::lanzaboote_install( + 0, + esp_mountpoint.path(), + boot_mountpoint.path(), + generation_links.clone(), + )?; assert!(output0.status.success()); // Create a garbage kernel, which should be deleted. fs::write( - esp_mountpoint.path().join("EFI/nixos/kernel-garbage.efi"), + boot_mountpoint.path().join("EFI/nixos/kernel-garbage.efi"), "garbage", )?; // Call `lanzatool install` again with a config limit of 2. // In addition, the garbage kernel should be deleted as well. - let output1 = common::lanzaboote_install(2, esp_mountpoint.path(), generation_links)?; + let output1 = common::lanzaboote_install( + 2, + esp_mountpoint.path(), + boot_mountpoint.path(), + generation_links, + )?; assert!(output1.status.success()); assert_eq!(stub_count(), 2, "Wrong number of stubs after gc."); @@ -88,6 +112,7 @@ fn delete_garbage_kernel() -> Result<()> { #[test] fn keep_unrelated_files_on_esp() -> Result<()> { let esp_mountpoint = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let generation_links: Vec = [1, 2, 3] @@ -99,11 +124,16 @@ fn keep_unrelated_files_on_esp() -> Result<()> { .collect(); // Install all 3 generations. - let output0 = common::lanzaboote_install(0, esp_mountpoint.path(), generation_links.clone())?; + let output0 = common::lanzaboote_install( + 0, + esp_mountpoint.path(), + boot_mountpoint.path(), + generation_links.clone(), + )?; assert!(output0.status.success()); let unrelated_loader_config = esp_mountpoint.path().join("loader/loader.conf"); - let unrelated_uki = esp_mountpoint.path().join("EFI/Linux/ubuntu.efi"); + let unrelated_uki = boot_mountpoint.path().join("EFI/Linux/ubuntu.efi"); let unrelated_os = esp_mountpoint.path().join("EFI/windows"); let unrelated_firmware = esp_mountpoint.path().join("dell"); fs::File::create(&unrelated_loader_config)?; @@ -112,7 +142,12 @@ fn keep_unrelated_files_on_esp() -> Result<()> { fs::create_dir(&unrelated_firmware)?; // Call `lanzatool install` again with a config limit of 2. - let output1 = common::lanzaboote_install(2, esp_mountpoint.path(), generation_links)?; + let output1 = common::lanzaboote_install( + 2, + esp_mountpoint.path(), + boot_mountpoint.path(), + generation_links, + )?; assert!(output1.status.success()); assert!(unrelated_loader_config.exists()); diff --git a/rust/tool/systemd/tests/integration/install.rs b/rust/tool/systemd/tests/integration/install.rs index 0ccbf71b..09430fc7 100644 --- a/rust/tool/systemd/tests/integration/install.rs +++ b/rust/tool/systemd/tests/integration/install.rs @@ -12,6 +12,7 @@ use crate::common::{ #[test] fn do_not_install_duplicates() -> Result<()> { let esp = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let toplevel = common::setup_toplevel(tmpdir.path())?; @@ -20,10 +21,12 @@ fn do_not_install_duplicates() -> Result<()> { let generation_link2 = setup_generation_link_from_toplevel(&toplevel, profiles.path(), 2)?; let generation_links = vec![generation_link1, generation_link2]; - let stub_count = || count_files(&esp.path().join("EFI/Linux")).unwrap(); - let kernel_and_initrd_count = || count_files(&esp.path().join("EFI/nixos")).unwrap(); + let stub_count = || count_files(&boot_mountpoint.path().join("EFI/Linux")).unwrap(); + let kernel_and_initrd_count = + || count_files(&boot_mountpoint.path().join("EFI/nixos")).unwrap(); - let output1 = common::lanzaboote_install(0, esp.path(), generation_links)?; + let output1 = + common::lanzaboote_install(0, esp.path(), boot_mountpoint.path(), generation_links)?; assert!(output1.status.success()); assert_eq!(stub_count(), 2, "Wrong number of stubs after installation"); assert_eq!( @@ -37,18 +40,24 @@ fn do_not_install_duplicates() -> Result<()> { #[test] fn do_not_overwrite_images() -> Result<()> { let esp = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let toplevel = common::setup_toplevel(tmpdir.path())?; - let image1 = common::image_path(&esp, 1, &toplevel)?; - let image2 = common::image_path(&esp, 2, &toplevel)?; + let image1 = common::image_path(&boot_mountpoint, 1, &toplevel)?; + let image2 = common::image_path(&boot_mountpoint, 2, &toplevel)?; let generation_link1 = setup_generation_link_from_toplevel(&toplevel, profiles.path(), 1)?; let generation_link2 = setup_generation_link_from_toplevel(&toplevel, profiles.path(), 2)?; let generation_links = vec![generation_link1, generation_link2]; - let output1 = common::lanzaboote_install(0, esp.path(), generation_links.clone())?; + let output1 = common::lanzaboote_install( + 0, + esp.path(), + boot_mountpoint.path(), + generation_links.clone(), + )?; assert!(output1.status.success()); assert!(verify_signature(&image1)?); @@ -56,7 +65,8 @@ fn do_not_overwrite_images() -> Result<()> { assert!(!verify_signature(&image1)?); assert!(verify_signature(&image2)?); - let output2 = common::lanzaboote_install(0, esp.path(), generation_links)?; + let output2 = + common::lanzaboote_install(0, esp.path(), boot_mountpoint.path(), generation_links)?; assert!(output2.status.success()); assert!(!verify_signature(&image1)?); @@ -68,24 +78,35 @@ fn do_not_overwrite_images() -> Result<()> { #[test] fn detect_generation_number_reuse() -> Result<()> { let esp = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let toplevel1 = common::setup_toplevel(tmpdir.path())?; let toplevel2 = common::setup_toplevel(tmpdir.path())?; - let image1 = common::image_path(&esp, 1, &toplevel1)?; + let image1 = common::image_path(&boot_mountpoint, 1, &toplevel1)?; // this deliberately gets the same number! - let image2 = common::image_path(&esp, 1, &toplevel2)?; + let image2 = common::image_path(&boot_mountpoint, 1, &toplevel2)?; let generation_link1 = setup_generation_link_from_toplevel(&toplevel1, profiles.path(), 1)?; - let output1 = common::lanzaboote_install(0, esp.path(), vec![generation_link1])?; + let output1 = common::lanzaboote_install( + 0, + esp.path(), + boot_mountpoint.path(), + vec![generation_link1], + )?; assert!(output1.status.success()); assert!(image1.exists()); assert!(!image2.exists()); std::fs::remove_dir_all(profiles.path().join("system-1-link"))?; let generation_link2 = setup_generation_link_from_toplevel(&toplevel2, profiles.path(), 1)?; - let output2 = common::lanzaboote_install(0, esp.path(), vec![generation_link2])?; + let output2 = common::lanzaboote_install( + 0, + esp.path(), + boot_mountpoint.path(), + vec![generation_link2], + )?; assert!(output2.status.success()); assert!(!image1.exists()); assert!(image2.exists()); @@ -96,6 +117,7 @@ fn detect_generation_number_reuse() -> Result<()> { #[test] fn content_addressing_works() -> Result<()> { let esp = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let toplevel = common::setup_toplevel(tmpdir.path())?; @@ -106,10 +128,11 @@ fn content_addressing_works() -> Result<()> { let kernel_hash_source = hash_file(&toplevel.join("eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-6.1.1/kernel")); - let output0 = common::lanzaboote_install(1, esp.path(), generation_links)?; + let output0 = + common::lanzaboote_install(1, esp.path(), boot_mountpoint.path(), generation_links)?; assert!(output0.status.success()); - let kernel_path = esp.path().join(format!( + let kernel_path = boot_mountpoint.path().join(format!( "EFI/nixos/kernel-6.1.1-{}.efi", Base32Unpadded::encode_string(&kernel_hash_source) )); diff --git a/rust/tool/systemd/tests/integration/os_release.rs b/rust/tool/systemd/tests/integration/os_release.rs index dfc23eec..7e2cf7c7 100644 --- a/rust/tool/systemd/tests/integration/os_release.rs +++ b/rust/tool/systemd/tests/integration/os_release.rs @@ -9,6 +9,7 @@ use crate::common; #[test] fn generate_expected_os_release() -> Result<()> { let esp_mountpoint = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let toplevel = common::setup_toplevel(tmpdir.path())?; @@ -17,10 +18,15 @@ fn generate_expected_os_release() -> Result<()> { common::setup_generation_link_from_toplevel(&toplevel, profiles.path(), 1) .expect("Failed to setup generation link"); - let output0 = common::lanzaboote_install(0, esp_mountpoint.path(), vec![generation_link])?; + let output0 = common::lanzaboote_install( + 0, + esp_mountpoint.path(), + boot_mountpoint.path(), + vec![generation_link], + )?; assert!(output0.status.success()); - let stub_data = fs::read(common::image_path(&esp_mountpoint, 1, &toplevel)?)?; + let stub_data = fs::read(common::image_path(&boot_mountpoint, 1, &toplevel)?)?; let os_release_section = pe_section(&stub_data, ".osrel") .context("Failed to read .osrelease PE section.")? .to_owned(); diff --git a/rust/tool/systemd/tests/integration/systemd_boot.rs b/rust/tool/systemd/tests/integration/systemd_boot.rs index 34ce7c3e..3e1ad21c 100644 --- a/rust/tool/systemd/tests/integration/systemd_boot.rs +++ b/rust/tool/systemd/tests/integration/systemd_boot.rs @@ -11,6 +11,7 @@ use crate::common::{self, hash_file, mtime, remove_signature, verify_signature, #[test] fn keep_systemd_boot_binaries() -> Result<()> { let esp = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let generation_link = common::setup_generation_link(tmpdir.path(), profiles.path(), 1) @@ -19,7 +20,12 @@ fn keep_systemd_boot_binaries() -> Result<()> { let systemd_boot_path = systemd_boot_path(&esp); let systemd_boot_fallback_path = systemd_boot_fallback_path(&esp); - let output0 = common::lanzaboote_install(0, esp.path(), vec![&generation_link])?; + let output0 = common::lanzaboote_install( + 0, + esp.path(), + boot_mountpoint.path(), + vec![&generation_link], + )?; assert!(output0.status.success()); // Use the modification time instead of a hash because the hash would be the same even if the @@ -27,7 +33,8 @@ fn keep_systemd_boot_binaries() -> Result<()> { let systemd_boot_mtime0 = mtime(&systemd_boot_path); let systemd_boot_fallback_mtime0 = mtime(&systemd_boot_fallback_path); - let output1 = common::lanzaboote_install(0, esp.path(), vec![generation_link])?; + let output1 = + common::lanzaboote_install(0, esp.path(), boot_mountpoint.path(), vec![generation_link])?; assert!(output1.status.success()); let systemd_boot_mtime1 = mtime(&systemd_boot_path); @@ -48,6 +55,7 @@ fn keep_systemd_boot_binaries() -> Result<()> { #[test] fn overwrite_malformed_systemd_boot_binaries() -> Result<()> { let esp = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let generation_link = common::setup_generation_link(tmpdir.path(), profiles.path(), 1) @@ -56,7 +64,12 @@ fn overwrite_malformed_systemd_boot_binaries() -> Result<()> { let systemd_boot_path = systemd_boot_path(&esp); let systemd_boot_fallback_path = systemd_boot_fallback_path(&esp); - let output0 = common::lanzaboote_install(0, esp.path(), vec![&generation_link])?; + let output0 = common::lanzaboote_install( + 0, + esp.path(), + boot_mountpoint.path(), + vec![&generation_link], + )?; assert!(output0.status.success()); // Make systemd-boot binaries malformed by truncating them. @@ -66,7 +79,8 @@ fn overwrite_malformed_systemd_boot_binaries() -> Result<()> { let malformed_systemd_boot_hash = hash_file(&systemd_boot_path); let malformed_systemd_boot_fallback_hash = hash_file(&systemd_boot_fallback_path); - let output1 = common::lanzaboote_install(0, esp.path(), vec![generation_link])?; + let output1 = + common::lanzaboote_install(0, esp.path(), boot_mountpoint.path(), vec![generation_link])?; assert!(output1.status.success()); let systemd_boot_hash = hash_file(&systemd_boot_path); @@ -87,6 +101,7 @@ fn overwrite_malformed_systemd_boot_binaries() -> Result<()> { #[test] fn overwrite_unsigned_systemd_boot_binaries() -> Result<()> { let esp = tempdir()?; + let boot_mountpoint = tempdir()?; let tmpdir = tempdir()?; let profiles = tempdir()?; let generation_link = common::setup_generation_link(tmpdir.path(), profiles.path(), 1) @@ -95,7 +110,12 @@ fn overwrite_unsigned_systemd_boot_binaries() -> Result<()> { let systemd_boot_path = systemd_boot_path(&esp); let systemd_boot_fallback_path = systemd_boot_fallback_path(&esp); - let output0 = common::lanzaboote_install(0, esp.path(), vec![&generation_link])?; + let output0 = common::lanzaboote_install( + 0, + esp.path(), + boot_mountpoint.path(), + vec![&generation_link], + )?; assert!(output0.status.success()); remove_signature(&systemd_boot_path)?; @@ -103,7 +123,8 @@ fn overwrite_unsigned_systemd_boot_binaries() -> Result<()> { assert!(!verify_signature(&systemd_boot_path)?); assert!(!verify_signature(&systemd_boot_fallback_path)?); - let output1 = common::lanzaboote_install(0, esp.path(), vec![generation_link])?; + let output1 = + common::lanzaboote_install(0, esp.path(), boot_mountpoint.path(), vec![generation_link])?; assert!(output1.status.success()); assert!(verify_signature(&systemd_boot_path)?);