composefs/soft-reboot: Handle soft reboot for UKIs

Similar to soft reboots for Type1 entries, we compute the SHA256Sum of
.linux + .initrd sections in the UKI, and compare them to check for
kernel skew

Next, compare the .cmdline section skipping the `composefs=` parameter
as that will always be different

Signed-off-by: Pragyan Poudyal <pragyanpoudyal41999@gmail.com>

Author: Johan-Liebert1

crates/lib/src/bootc_composefs/boot.rs

@@ -79,11 +79,8 @@ use cap_std_ext::{
 use clap::ValueEnum;
 use composefs::fs::read_file;
 use composefs::tree::RegularFile;
+use composefs_boot::bootloader::{PEType, EFI_ADDON_DIR_EXT, EFI_ADDON_FILE_EXT, EFI_EXT};
 use composefs_boot::BootOps;
-use composefs_boot::{
-    bootloader::{PEType, EFI_ADDON_DIR_EXT, EFI_ADDON_FILE_EXT, EFI_EXT},
-    uki::UkiError,
-};
 use fn_error_context::context;
 use ostree_ext::composefs::fsverity::{FsVerityHashValue, Sha512HashValue};
 use ostree_ext::composefs_boot::bootloader::UsrLibModulesVmlinuz;
@@ -840,8 +837,7 @@ fn write_pe_to_esp(
             );
         }
 
-        let osrel = uki::get_text_section(&efi_bin, ".osrel")
-            .ok_or(UkiError::PortableExecutableError)??;
+        let osrel = uki::get_text_section(&efi_bin, ".osrel")?;
 
         let parsed_osrel = OsReleaseInfo::parse(osrel);
 

crates/lib/src/bootc_composefs/mod.rs

@@ -10,3 +10,4 @@ pub(crate) mod state;
 pub(crate) mod status;
 pub(crate) mod switch;
 pub(crate) mod update;
+pub(crate) mod utils;

crates/lib/src/bootc_composefs/state.rs

@@ -1,5 +1,4 @@
 use std::io::Write;
-use std::ops::Deref;
 use std::os::unix::fs::symlink;
 use std::path::Path;
 use std::{fs::create_dir_all, process::Command};
@@ -108,20 +107,22 @@ pub(crate) fn copy_etc_to_state(
     cp_ret
 }
 
-/// Updates the currently booted image's target imgref
-pub(crate) fn update_target_imgref_in_origin(
+/// Adds or updates the provided key/value pairs in the .origin file of the deployment pointed to
+/// by the `deployment_id`
+fn add_update_in_origin(
     storage: &Storage,
-    booted_cfs: &BootedComposefs,
-    imgref: &ImageReference,
+    deployment_id: &str,
+    section: &str,
+    kv_pairs: &[(&str, &str)],
 ) -> Result<()> {
-    let path = Path::new(STATE_DIR_RELATIVE).join(booted_cfs.cmdline.digest.deref());
+    let path = Path::new(STATE_DIR_RELATIVE).join(deployment_id);
 
     let state_dir = storage
         .physical_root
         .open_dir(path)
         .context("Opening state dir")?;
 
-    let origin_filename = format!("{}.origin", booted_cfs.cmdline.digest.deref());
+    let origin_filename = format!("{deployment_id}.origin");
 
     let origin_file = state_dir
         .read_to_string(&origin_filename)
@@ -130,11 +131,9 @@ pub(crate) fn update_target_imgref_in_origin(
     let mut ini =
         tini::Ini::from_string(&origin_file).context("Failed to parse file origin file as ini")?;
 
-    // Replace the origin
-    ini = ini.section("origin").item(
-        ORIGIN_CONTAINER,
-        format!("ostree-unverified-image:{imgref}"),
-    );
+    for (key, value) in kv_pairs {
+        ini = ini.section(section).item(*key, *value);
+    }
 
     state_dir
         .atomic_replace_with(origin_filename, move |f| -> std::io::Result<_> {
@@ -151,6 +150,36 @@ pub(crate) fn update_target_imgref_in_origin(
     Ok(())
 }
 
+/// Updates the currently booted image's target imgref
+pub(crate) fn update_target_imgref_in_origin(
+    storage: &Storage,
+    booted_cfs: &BootedComposefs,
+    imgref: &ImageReference,
+) -> Result<()> {
+    add_update_in_origin(
+        storage,
+        booted_cfs.cmdline.digest.as_ref(),
+        "origin",
+        &[(
+            ORIGIN_CONTAINER,
+            &format!("ostree-unverified-image:{imgref}"),
+        )],
+    )
+}
+
+pub(crate) fn update_boot_digest_in_origin(
+    storage: &Storage,
+    digest: &str,
+    boot_digest: &str,
+) -> Result<()> {
+    add_update_in_origin(
+        storage,
+        digest,
+        ORIGIN_KEY_BOOT,
+        &[(ORIGIN_KEY_BOOT_DIGEST, boot_digest)],
+    )
+}
+
 /// Creates and populates the composefs state directory for a deployment.
 ///
 /// This function sets up the state directory structure and configuration files
@@ -184,7 +213,7 @@ pub(crate) async fn write_composefs_state(
     target_imgref: &ImageReference,
     staged: bool,
     boot_type: BootType,
-    boot_digest: Option<String>,
+    boot_digest: String,
     container_details: &ImgConfigManifest,
 ) -> Result<()> {
     let state_path = root_path
@@ -223,11 +252,9 @@ pub(crate) async fn write_composefs_state(
         .section(ORIGIN_KEY_BOOT)
         .item(ORIGIN_KEY_BOOT_TYPE, boot_type);
 
-    if let Some(boot_digest) = boot_digest {
-        config = config
-            .section(ORIGIN_KEY_BOOT)
-            .item(ORIGIN_KEY_BOOT_DIGEST, boot_digest);
-    }
+    config = config
+        .section(ORIGIN_KEY_BOOT)
+        .item(ORIGIN_KEY_BOOT_DIGEST, boot_digest);
 
     let state_dir =
         Dir::open_ambient_dir(&state_path, ambient_authority()).context("Opening state dir")?;

crates/lib/src/bootc_composefs/status.rs

@@ -7,7 +7,9 @@ use fn_error_context::context;
 use serde::{Deserialize, Serialize};
 
 use crate::{
-    bootc_composefs::{boot::BootType, repo::get_imgref},
+    bootc_composefs::{
+        boot::BootType, repo::get_imgref, utils::{compute_store_boot_digest_for_uki, get_uki_cmdline}
+    },
     composefs_consts::{
         COMPOSEFS_CMDLINE, ORIGIN_KEY_BOOT_DIGEST, TYPE1_ENT_PATH, TYPE1_ENT_PATH_STAGED, USER_CFG,
     },
@@ -350,26 +352,33 @@ pub(crate) async fn get_composefs_status(
     composefs_deployment_status_from(&storage, booted_cfs.cmdline).await
 }
 
-fn set_soft_reboot_capable_bls(
+/// Check whether any deployment is capable of being soft rebooted or not
+#[context("Checking soft reboot capability")]
+fn set_soft_reboot_capability(
     storage: &Storage,
     host: &mut Host,
-    bls_entries: &Vec<BLSConfig>,
+    bls_entries: Option<Vec<BLSConfig>>,
     cmdline: &ComposefsCmdline,
 ) -> Result<()> {
     let booted = host.require_composefs_booted()?;
 
     match booted.boot_type {
         BootType::Bls => {
-            set_reboot_capable_type1_deployments(storage, cmdline, host, bls_entries)?;
-        }
+            let mut bls_entries =
+                bls_entries.ok_or_else(|| anyhow::anyhow!("BLS entries not provided"))?;
 
-        BootType::Uki => match booted.bootloader {
-            Bootloader::Grub => todo!(),
-            Bootloader::Systemd => todo!(),
-        },
-    };
+            let staged_entries =
+                get_sorted_staged_type1_boot_entries(storage.require_boot_dir()?, false)?;
 
-    Ok(())
+            // We will have a duplicate booted entry here, but that's fine as we only use this
+            // vector to check for existence of an entry
+            bls_entries.extend(staged_entries);
+
+            set_reboot_capable_type1_deployments(cmdline, host, bls_entries)
+        }
+
+        BootType::Uki => set_reboot_capable_uki_deployments(storage, cmdline, host),
+    }
 }
 
 fn find_bls_entry<'a>(
@@ -406,73 +415,112 @@ fn compare_cmdline_skip_cfs(first: &Cmdline<'_>, second: &Cmdline<'_>) -> bool {
     return true;
 }
 
-fn set_soft_reboot_capable_type1(
-    deployment: &mut BootEntry,
-    bls_entries: &Vec<BLSConfig>,
-    booted_bls_entry: &BLSConfig,
-    booted_boot_digest: &String,
+#[context("Setting soft reboot capability for Type1 entries")]
+fn set_reboot_capable_type1_deployments(
+    booted_cmdline: &ComposefsCmdline,
+    host: &mut Host,
+    bls_entries: Vec<BLSConfig>,
 ) -> Result<()> {
-    let deployment_cfs = deployment.require_composefs()?;
+    let booted = host
+        .status
+        .booted
+        .as_ref()
+        .ok_or_else(|| anyhow::anyhow!("Failed to find booted entry"))?;
+
+    let booted_boot_digest = booted.composefs_boot_digest()?;
+
+    let booted_bls_entry = find_bls_entry(&*booted_cmdline.digest, &bls_entries)?
+        .ok_or_else(|| anyhow::anyhow!("Booted BLS entry not found"))?;
 
-    // TODO: Unwrap
-    if deployment_cfs.boot_digest.as_ref().unwrap() != booted_boot_digest {
-        deployment.soft_reboot_capable = false;
-        return Ok(());
+    let booted_cmdline = booted_bls_entry.get_cmdline()?;
+
+    for depl in host
+        .status
+        .staged
+        .iter_mut()
+        .chain(host.status.rollback.iter_mut())
+        .chain(host.status.other_deployments.iter_mut())
+    {
+        let entry = find_bls_entry(&depl.require_composefs()?.verity, &bls_entries)?
+            .ok_or_else(|| anyhow::anyhow!("Entry not found"))?;
+
+        let depl_cmdline = entry.get_cmdline()?;
+
+        depl.soft_reboot_capable = is_soft_rebootable(
+            depl.composefs_boot_digest()?,
+            booted_boot_digest,
+            depl_cmdline,
+            booted_cmdline,
+        );
     }
 
-    let entry = find_bls_entry(&deployment_cfs.verity, bls_entries)?
-        .ok_or_else(|| anyhow::anyhow!("Entry not found"))?;
+    Ok(())
+}
 
-    let opts = entry.get_cmdline()?;
-    let booted_cmdline_opts = booted_bls_entry.get_cmdline()?;
+fn is_soft_rebootable(
+    depl_boot_digest: &str,
+    booted_boot_digest: &str,
+    depl_cmdline: &Cmdline,
+    booted_cmdline: &Cmdline,
+) -> bool {
+    if depl_boot_digest != booted_boot_digest {
+        tracing::debug!("Soft reboot not allowed due to kernel skew");
+        return false;
+    }
 
-    if opts.len() != booted_cmdline_opts.len() {
+    if depl_cmdline.as_bytes().len() != booted_cmdline.as_bytes().len() {
         tracing::debug!("Soft reboot not allowed due to differing cmdline");
-        deployment.soft_reboot_capable = false;
-        return Ok(());
+        return false;
     }
 
-    deployment.soft_reboot_capable = compare_cmdline_skip_cfs(opts, booted_cmdline_opts)
-        && compare_cmdline_skip_cfs(booted_cmdline_opts, opts);
-
-    return Ok(());
+    return compare_cmdline_skip_cfs(depl_cmdline, booted_cmdline)
+        && compare_cmdline_skip_cfs(booted_cmdline, depl_cmdline);
 }
 
-fn set_reboot_capable_type1_deployments(
+#[context("Setting soft reboot capability for UKI deployments")]
+fn set_reboot_capable_uki_deployments(
     storage: &Storage,
     cmdline: &ComposefsCmdline,
     host: &mut Host,
-    bls_entries: &Vec<BLSConfig>,
 ) -> Result<()> {
     let booted = host
         .status
         .booted
         .as_ref()
         .ok_or_else(|| anyhow::anyhow!("Failed to find booted entry"))?;
 
-    let booted_boot_digest = booted.composefs_boot_digest()?;
-
-    let booted_bls_entry = find_bls_entry(&*cmdline.digest, bls_entries)?
-        .ok_or_else(|| anyhow::anyhow!("Booted bls entry not found"))?;
+    // Since older booted systems won't have the boot digest for UKIs
+    let booted_boot_digest = match booted.composefs_boot_digest() {
+        Ok(d) => d,
+        Err(_) => &compute_store_boot_digest_for_uki(storage, &cmdline.digest)?,
+    };
 
-    if let Some(staged) = host.status.staged.as_mut() {
-        let staged_entries =
-            get_sorted_staged_type1_boot_entries(storage.require_boot_dir()?, true)?;
+    let booted_cmdline = get_uki_cmdline(storage, &booted.require_composefs()?.verity)?;
 
-        set_soft_reboot_capable_type1(
-            staged,
-            &staged_entries,
-            booted_bls_entry,
-            booted_boot_digest,
-        )?;
-    }
+    for deployment in host
+        .status
+        .staged
+        .iter_mut()
+        .chain(host.status.rollback.iter_mut())
+        .chain(host.status.other_deployments.iter_mut())
+    {
+        // Since older booted systems won't have the boot digest for UKIs
+        let depl_boot_digest = match deployment.composefs_boot_digest() {
+            Ok(d) => d,
+            Err(_) => &compute_store_boot_digest_for_uki(
+                storage,
+                &deployment.require_composefs()?.verity,
+            )?,
+        };
 
-    if let Some(rollback) = &mut host.status.rollback {
-        set_soft_reboot_capable_type1(rollback, bls_entries, booted_bls_entry, booted_boot_digest)?;
-    }
+        let depl_cmdline = get_uki_cmdline(storage, &deployment.require_composefs()?.verity)?;
 
-    for depl in &mut host.status.other_deployments {
-        set_soft_reboot_capable_type1(depl, bls_entries, booted_bls_entry, booted_boot_digest)?;
+        deployment.soft_reboot_capable = is_soft_rebootable(
+            depl_boot_digest,
+            booted_boot_digest,
+            &depl_cmdline,
+            &booted_cmdline,
+        );
     }
 
     Ok(())
@@ -645,9 +693,7 @@ pub(crate) async fn composefs_deployment_status_from(
         host.spec.boot_order = BootOrder::Rollback
     };
 
-    if let Some(bls_configs) = sorted_bls_config {
-        set_soft_reboot_capable_bls(storage, &mut host, &bls_configs, cmdline)?;
-    }
+    set_soft_reboot_capability(storage, &mut host, sorted_bls_config, cmdline)?;
 
     Ok(host)
 }