composefs/soft-reboot: Handle soft reboot for UKIs

Similar to soft reboots for Type1 entries, we compute the SHA256Sum of
.linux + .initrd sections in the UKI, and compare them to check for
kernel skew

Next, compare the .cmdline section skipping the `composefs=` parameter
as that will always be different

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>

Author: Johan-Liebert1

crates/lib/src/bootc_composefs/mod.rs

@@ -10,3 +10,4 @@ pub(crate) mod state;
 pub(crate) mod status;
 pub(crate) mod switch;
 pub(crate) mod update;
+pub(crate) mod utils;

crates/lib/src/bootc_composefs/state.rs

@@ -1,5 +1,4 @@
 use std::io::Write;
-use std::ops::Deref;
 use std::os::unix::fs::symlink;
 use std::path::Path;
 use std::{fs::create_dir_all, process::Command};
@@ -108,20 +107,22 @@ pub(crate) fn copy_etc_to_state(
     cp_ret
 }
 
-/// Updates the currently booted image's target imgref
-pub(crate) fn update_target_imgref_in_origin(
+/// Adds or updates the provided key/value pairs in the .origin file of the deployment pointed to
+/// by the `deployment_id`
+fn add_update_in_origin(
     storage: &Storage,
-    booted_cfs: &BootedComposefs,
-    imgref: &ImageReference,
+    deployment_id: &str,
+    section: &str,
+    kv_pairs: &[(&str, &str)],
 ) -> Result<()> {
-    let path = Path::new(STATE_DIR_RELATIVE).join(booted_cfs.cmdline.digest.deref());
+    let path = Path::new(STATE_DIR_RELATIVE).join(deployment_id);
 
     let state_dir = storage
         .physical_root
         .open_dir(path)
         .context("Opening state dir")?;
 
-    let origin_filename = format!("{}.origin", booted_cfs.cmdline.digest.deref());
+    let origin_filename = format!("{deployment_id}.origin");
 
     let origin_file = state_dir
         .read_to_string(&origin_filename)
@@ -130,11 +131,9 @@ pub(crate) fn update_target_imgref_in_origin(
     let mut ini =
         tini::Ini::from_string(&origin_file).context("Failed to parse file origin file as ini")?;
 
-    // Replace the origin
-    ini = ini.section("origin").item(
-        ORIGIN_CONTAINER,
-        format!("ostree-unverified-image:{imgref}"),
-    );
+    for (key, value) in kv_pairs {
+        ini = ini.section(section).item(*key, *value);
+    }
 
     state_dir
         .atomic_replace_with(origin_filename, move |f| -> std::io::Result<_> {
@@ -151,6 +150,36 @@ pub(crate) fn update_target_imgref_in_origin(
     Ok(())
 }
 
+/// Updates the currently booted image's target imgref
+pub(crate) fn update_target_imgref_in_origin(
+    storage: &Storage,
+    booted_cfs: &BootedComposefs,
+    imgref: &ImageReference,
+) -> Result<()> {
+    add_update_in_origin(
+        storage,
+        booted_cfs.cmdline.digest.as_ref(),
+        "origin",
+        &[(
+            ORIGIN_CONTAINER,
+            &format!("ostree-unverified-image:{imgref}"),
+        )],
+    )
+}
+
+pub(crate) fn update_boot_digest_in_origin(
+    storage: &Storage,
+    digest: &str,
+    boot_digest: &str,
+) -> Result<()> {
+    add_update_in_origin(
+        storage,
+        digest,
+        ORIGIN_KEY_BOOT,
+        &[(ORIGIN_KEY_BOOT_DIGEST, boot_digest)],
+    )
+}
+
 /// Creates and populates /sysroot/state/deploy/image_id
 #[context("Writing composefs state")]
 pub(crate) fn write_composefs_state(
@@ -159,7 +188,7 @@ pub(crate) fn write_composefs_state(
     imgref: &ImageReference,
     staged: bool,
     boot_type: BootType,
-    boot_digest: Option<String>,
+    boot_digest: String,
 ) -> Result<()> {
     let state_path = root_path
         .join(STATE_DIR_RELATIVE)
@@ -197,11 +226,9 @@ pub(crate) fn write_composefs_state(
         .section(ORIGIN_KEY_BOOT)
         .item(ORIGIN_KEY_BOOT_TYPE, boot_type);
 
-    if let Some(boot_digest) = boot_digest {
-        config = config
-            .section(ORIGIN_KEY_BOOT)
-            .item(ORIGIN_KEY_BOOT_DIGEST, boot_digest);
-    }
+    config = config
+        .section(ORIGIN_KEY_BOOT)
+        .item(ORIGIN_KEY_BOOT_DIGEST, boot_digest);
 
     let state_dir =
         Dir::open_ambient_dir(&state_path, ambient_authority()).context("Opening state dir")?;

crates/lib/src/bootc_composefs/status.rs

@@ -6,7 +6,10 @@ use bootc_mount::inspect_filesystem;
 use fn_error_context::context;
 
 use crate::{
-    bootc_composefs::boot::BootType,
+    bootc_composefs::{
+        boot::BootType,
+        utils::{compute_store_boot_digest_for_uki, get_uki_cmdline},
+    },
     composefs_consts::{
         COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT_DIGEST, TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED, USER_CFG,
     },
@@ -307,26 +310,33 @@ pub(crate) async fn get_composefs_status(
     composefs_deployment_status_from(&storage, booted_cfs.cmdline).await
 }
 
-fn set_soft_reboot_capable_bls(
+/// Check whether any deployment is capable of being soft rebooted or not
+#[context("Checking soft reboot capability")]
+fn set_soft_reboot_capability(
     storage: &Storage,
     host: &mut Host,
-    bls_entries: &Vec<BLSConfig>,
+    bls_entries: Option<Vec<BLSConfig>>,
     cmdline: &ComposefsCmdline,
 ) -> Result<()> {
     let booted = host.require_composefs_booted()?;
 
     match booted.boot_type {
         BootType::Bls => {
-            set_reboot_capable_type1_deployments(storage, cmdline, host, bls_entries)?;
-        }
+            let mut bls_entries =
+                bls_entries.ok_or_else(|| anyhow::anyhow!("BLS entries not provided"))?;
 
-        BootType::Uki => match booted.bootloader {
-            Bootloader::Grub => todo!(),
-            Bootloader::Systemd => todo!(),
-        },
-    };
+            let staged_entries =
+                get_sorted_staged_type1_boot_entries(storage.require_boot_dir()?, false)?;
 
-    Ok(())
+            // We will have a duplicate booted entry here, but that's fine as we only use this
+            // vector to check for existence of an entry
+            bls_entries.extend(staged_entries);
+
+            set_reboot_capable_type1_deployments(cmdline, host, bls_entries)
+        }
+
+        BootType::Uki => set_reboot_capable_uki_deployments(storage, cmdline, host),
+    }
 }
 
 fn find_bls_entry<'a>(
@@ -363,73 +373,112 @@ fn compare_cmdline_skip_cfs(first: &Cmdline<'_>, second: &Cmdline<'_>) -> bool {
     return true;
 }
 
-fn set_soft_reboot_capable_type1(
-    deployment: &mut BootEntry,
-    bls_entries: &Vec<BLSConfig>,
-    booted_bls_entry: &BLSConfig,
-    booted_boot_digest: &String,
+#[context("Setting soft reboot capability for Type1 entries")]
+fn set_reboot_capable_type1_deployments(
+    booted_cmdline: &ComposefsCmdline,
+    host: &mut Host,
+    bls_entries: Vec<BLSConfig>,
 ) -> Result<()> {
-    let deployment_cfs = deployment.require_composefs()?;
+    let booted = host
+        .status
+        .booted
+        .as_ref()
+        .ok_or_else(|| anyhow::anyhow!("Failed to find booted entry"))?;
+
+    let booted_boot_digest = booted.composefs_boot_digest()?;
+
+    let booted_bls_entry = find_bls_entry(&*booted_cmdline.digest, &bls_entries)?
+        .ok_or_else(|| anyhow::anyhow!("Booted BLS entry not found"))?;
 
-    // TODO: Unwrap
-    if deployment_cfs.boot_digest.as_ref().unwrap() != booted_boot_digest {
-        deployment.soft_reboot_capable = false;
-        return Ok(());
+    let booted_cmdline = booted_bls_entry.get_cmdline()?;
+
+    for depl in host
+        .status
+        .staged
+        .iter_mut()
+        .chain(host.status.rollback.iter_mut())
+        .chain(host.status.other_deployments.iter_mut())
+    {
+        let entry = find_bls_entry(&depl.require_composefs()?.verity, &bls_entries)?
+            .ok_or_else(|| anyhow::anyhow!("Entry not found"))?;
+
+        let depl_cmdline = entry.get_cmdline()?;
+
+        depl.soft_reboot_capable = is_soft_rebootable(
+            depl.composefs_boot_digest()?,
+            booted_boot_digest,
+            depl_cmdline,
+            booted_cmdline,
+        );
     }
 
-    let entry = find_bls_entry(&deployment_cfs.verity, bls_entries)?
-        .ok_or_else(|| anyhow::anyhow!("Entry not found"))?;
+    Ok(())
+}
 
-    let opts = entry.get_cmdline()?;
-    let booted_cmdline_opts = booted_bls_entry.get_cmdline()?;
+fn is_soft_rebootable(
+    depl_boot_digest: &str,
+    booted_boot_digest: &str,
+    depl_cmdline: &Cmdline,
+    booted_cmdline: &Cmdline,
+) -> bool {
+    if depl_boot_digest != booted_boot_digest {
+        tracing::debug!("Soft reboot not allowed due to kernel skew");
+        return false;
+    }
 
-    if opts.len() != booted_cmdline_opts.len() {
+    if depl_cmdline.as_bytes().len() != booted_cmdline.as_bytes().len() {
         tracing::debug!("Soft reboot not allowed due to differing cmdline");
-        deployment.soft_reboot_capable = false;
-        return Ok(());
+        return false;
     }
 
-    deployment.soft_reboot_capable = compare_cmdline_skip_cfs(opts, booted_cmdline_opts)
-        && compare_cmdline_skip_cfs(booted_cmdline_opts, opts);
-
-    return Ok(());
+    return compare_cmdline_skip_cfs(depl_cmdline, booted_cmdline)
+        && compare_cmdline_skip_cfs(booted_cmdline, depl_cmdline);
 }
 
-fn set_reboot_capable_type1_deployments(
+#[context("Setting soft reboot capability for UKI deployments")]
+fn set_reboot_capable_uki_deployments(
     storage: &Storage,
     cmdline: &ComposefsCmdline,
     host: &mut Host,
-    bls_entries: &Vec<BLSConfig>,
 ) -> Result<()> {
     let booted = host
         .status
         .booted
         .as_ref()
         .ok_or_else(|| anyhow::anyhow!("Failed to find booted entry"))?;
 
-    let booted_boot_digest = booted.composefs_boot_digest()?;
-
-    let booted_bls_entry = find_bls_entry(&*cmdline.digest, bls_entries)?
-        .ok_or_else(|| anyhow::anyhow!("Booted bls entry not found"))?;
+    // Since older booted systems won't have the boot digest for UKIs
+    let booted_boot_digest = match booted.composefs_boot_digest() {
+        Ok(d) => d,
+        Err(_) => &compute_store_boot_digest_for_uki(storage, &cmdline.digest)?,
+    };
 
-    if let Some(staged) = host.status.staged.as_mut() {
-        let staged_entries =
-            get_sorted_staged_type1_boot_entries(storage.require_boot_dir()?, true)?;
+    let booted_cmdline = get_uki_cmdline(storage, &booted.require_composefs()?.verity)?;
 
-        set_soft_reboot_capable_type1(
-            staged,
-            &staged_entries,
-            booted_bls_entry,
-            booted_boot_digest,
-        )?;
-    }
+    for deployment in host
+        .status
+        .staged
+        .iter_mut()
+        .chain(host.status.rollback.iter_mut())
+        .chain(host.status.other_deployments.iter_mut())
+    {
+        // Since older booted systems won't have the boot digest for UKIs
+        let depl_boot_digest = match deployment.composefs_boot_digest() {
+            Ok(d) => d,
+            Err(_) => &compute_store_boot_digest_for_uki(
+                storage,
+                &deployment.require_composefs()?.verity,
+            )?,
+        };
 
-    if let Some(rollback) = &mut host.status.rollback {
-        set_soft_reboot_capable_type1(rollback, bls_entries, booted_bls_entry, booted_boot_digest)?;
-    }
+        let depl_cmdline = get_uki_cmdline(storage, &deployment.require_composefs()?.verity)?;
 
-    for depl in &mut host.status.other_deployments {
-        set_soft_reboot_capable_type1(depl, bls_entries, booted_bls_entry, booted_boot_digest)?;
+        deployment.soft_reboot_capable = is_soft_rebootable(
+            depl_boot_digest,
+            booted_boot_digest,
+            &depl_cmdline,
+            &booted_cmdline,
+        );
     }
 
     Ok(())
@@ -602,9 +651,7 @@ pub(crate) async fn composefs_deployment_status_from(
         host.spec.boot_order = BootOrder::Rollback
     };
 
-    if let Some(bls_configs) = sorted_bls_config {
-        set_soft_reboot_capable_bls(storage, &mut host, &bls_configs, cmdline)?;
-    }
+    set_soft_reboot_capability(storage, &mut host, sorted_bls_config, cmdline)?;
 
     Ok(host)
 }

crates/lib/src/bootc_composefs/utils.rs

@@ -0,0 +1,58 @@
+use crate::{
+    bootc_composefs::{
+        boot::{compute_boot_digest_uki, SYSTEMD_UKI_DIR},
+        state::update_boot_digest_in_origin,
+    },
+    store::Storage,
+};
+use anyhow::Result;
+use bootc_kernel_cmdline::utf8::Cmdline;
+use fn_error_context::context;
+
+fn get_uki(storage: &Storage, deployment_verity: &str) -> Result<Vec<u8>> {
+    let uki_dir = storage
+        .esp
+        .as_ref()
+        .ok_or_else(|| anyhow::anyhow!("ESP not mounted"))?
+        .fd
+        .open_dir(SYSTEMD_UKI_DIR)?;
+
+    let req_fname = format!("{deployment_verity}.efi");
+
+    for entry in uki_dir.entries_utf8()? {
+        let pe = entry?;
+
+        let filename = pe.file_name()?;
+
+        if filename != req_fname {
+            continue;
+        }
+
+        return Ok(uki_dir.read(filename)?);
+    }
+
+    anyhow::bail!("UKI for deployment {deployment_verity} not found")
+}
+
+#[context("Computing and storing boot digest for UKI")]
+pub(crate) fn compute_store_boot_digest_for_uki(
+    storage: &Storage,
+    deployment_verity: &str,
+) -> Result<String> {
+    let uki = get_uki(storage, deployment_verity)?;
+    let digest = compute_boot_digest_uki(&uki)?;
+
+    update_boot_digest_in_origin(storage, &deployment_verity, &digest)?;
+    return Ok(digest);
+}
+
+#[context("Getting UKI cmdline")]
+pub(crate) fn get_uki_cmdline(
+    storage: &Storage,
+    deployment_verity: &str,
+) -> Result<Cmdline<'static>> {
+    let uki = get_uki(storage, deployment_verity)?;
+    let cmdline = composefs_boot::uki::get_cmdline(&uki)?;
+
+    return Ok(Cmdline::from(cmdline.to_owned()));
+}