From 483bf5643aa1bdb498d7055ea20f534eac1d1486 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 14 Sep 2022 10:53:05 +0100 Subject: [PATCH 1/9] man: add missing subject in sentence --- man/systemctl.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemctl.xml b/man/systemctl.xml index 5c0e743d81..290d670fe5 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -487,7 +487,7 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err the new target, possibly including the graphical environment or terminal you are currently using. - Note that this is allowed only on units where + Note that this operation is allowed only on units where is enabled. See systemd.unit5 for details. From b66a6e1a5838b874b789820c090dd6850cf10513 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 15 Sep 2022 13:43:59 +0100 Subject: [PATCH 2/9] =?UTF-8?q?man:=20"the=20initial=20RAM=20disk"=20?= =?UTF-8?q?=E2=86=92=20"the=20initrd"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In many places we spelled out the phrase behind "initrd" in full, but this isn't terribly useful. In fact, no "RAM disk" is used, so emphasizing this is just confusing to the reader. Let's just say "initrd" everywhere, people understand what this refers to, and that it's in fact an initramfs image. Also, s/i.e./e.g./ where appropriate. Also, don't say "in RAM", when in fact it's virtual memory, whose pages may or may not be loaded in page frames in RAM, and we have no control over this. Also, add and other minor cleanups. --- man/bootctl.xml | 10 ++--- man/bootup.xml | 14 +++--- man/kernel-command-line.xml | 7 ++- man/kernel-install.xml | 25 ++++++----- man/org.freedesktop.systemd1.xml | 10 ++--- man/os-release.xml | 9 ++-- man/systemctl.xml | 19 ++++---- man/systemd-boot.xml | 2 +- man/systemd-creds.xml | 9 ++-- man/systemd-cryptenroll.xml | 4 +- man/systemd-cryptsetup-generator.xml | 67 +++++++++++----------------- man/systemd-fstab-generator.xml | 23 +++++----- man/systemd-modules-load.service.xml | 6 +-- man/systemd-nspawn.xml | 6 +-- man/systemd-random-seed.service.xml | 10 ++--- man/systemd-remount-fs.service.xml | 2 +- man/systemd-repart.xml | 56 +++++++++++------------ man/systemd-stub.xml | 22 ++++----- 18 files changed, 143 insertions(+), 158 deletions(-) diff --git a/man/bootctl.xml b/man/bootctl.xml index d7eea90a97..dfc56d6125 100644 --- a/man/bootctl.xml +++ b/man/bootctl.xml @@ -319,11 +319,11 @@ Controls creation and deletion of the Boot Loader Specification Type #1 entry - directory on the file system containing resources such as kernel images and initial RAM disk images - during and , respectively. The directory is named - after the entry token, as specified with parameter described below, - and is placed immediately below the $BOOT root directory (i.e. beneath the file - system returned by the option, see above). Defaults to + directory on the file system containing resources such as kernel and initrd images during + and , respectively. The directory is named after the + entry token, as specified with parameter described below, and is + placed immediately below the $BOOT root directory (i.e. beneath the file system + returned by the option, see above). Defaults to no. diff --git a/man/bootup.xml b/man/bootup.xml index 6c69c8a9bd..62a34fe3d7 100644 --- a/man/bootup.xml +++ b/man/bootup.xml @@ -33,13 +33,13 @@ The kernel (optionally) mounts an in-memory file system, often generated by dracut8, - which looks for the root file system. Nowadays this is usually implemented as an initramfs — a compressed - archive which is extracted when the kernel boots up into a lightweight in-memory file system based on - tmpfs, but in the past normal file systems using an in-memory block device (ramdisk) were used, and the - name "initrd" is still used to describe both concepts. It's the boot loader or the firmware that loads - both the kernel and initrd/initramfs images into memory, but the kernel which interprets it as a file - system. systemd1 may - be used to manage services in the initrd, similarly to the real system. + which looks for the root file system. Nowadays this is implemented as an "initramfs" — a compressed CPIO + archive that the kernel extracts into a tmpfs. In the past normal file systems using an in-memory block + device (ramdisk) were used, and the name "initrd" is still used to describe both concepts. It's the boot + loader or the firmware that loads both the kernel and initrd/initramfs images into memory, but the kernel + which interprets it as a file system. + systemd1 may be used + to manage services in the initrd, similarly to the real system. After the root file system is found and mounted, the initrd hands over control to the host's system manager (such as diff --git a/man/kernel-command-line.xml b/man/kernel-command-line.xml index c648f7779e..368783d6fe 100644 --- a/man/kernel-command-line.xml +++ b/man/kernel-command-line.xml @@ -27,8 +27,8 @@ Description - The kernel, the initial RAM disk (initrd) and basic userspace functionality may be configured at - boot via kernel command line arguments. In addition, various systemd tools look at the EFI variable + The kernel, the programs running in the initrd and in the host system may be configured at boot via + kernel command line arguments. In addition, various systemd tools look at the EFI variable SystemdOptions (if available). Both sources are combined, but the kernel command line has higher priority. Please note that the EFI variable is only used by systemd tools, and is ignored by the kernel and other user space tools, so it is not a replacement for the kernel @@ -40,8 +40,7 @@ and bootparam7. - For command line parameters understood by the initial RAM - disk, please see + For command line parameters understood by the initrd, see dracut.cmdline7, or the documentation of the specific initrd implementation of your installation. diff --git a/man/kernel-install.xml b/man/kernel-install.xml index f6a6c05126..475dd325a5 100644 --- a/man/kernel-install.xml +++ b/man/kernel-install.xml @@ -18,7 +18,7 @@ kernel-install - Add and remove kernel and initramfs images to and from /boot + Add and remove kernel and initrd images to and from /boot @@ -34,10 +34,15 @@ Description - kernel-install is used to install and remove kernel and initramfs images to and - from the boot loader partition, referred to as $BOOT here. It will usually be one of - /boot/, /efi/, or /boot/efi/, see below. - + kernel-install is used to install and remove kernel and initrd images + + Nowadays actually CPIO archives used as an "initramfs", rather than "initrd". See + bootup7 for an + explanation. + + to and from the boot loader partition, referred to as $BOOT here. It will usually be + one of /boot/, /efi/, or /boot/efi/, see + below. kernel-install will run the executable files ("plugins") located in the directory /usr/lib/kernel/install.d/ and the local administration directory @@ -63,16 +68,16 @@ add KERNEL-VERSION KERNEL-IMAGE [INITRD-FILE ...] - This command expects a kernel version string and a path to a kernel image file as - arguments. Optionally, one or more initial RAM disk images may be specified as well (note that - plugins might generate additional ones). kernel-install calls the executable - files from /usr/lib/kernel/install.d/*.install and + This command expects a kernel version string and a path to a kernel image file as arguments. + Optionally, one or more initrd images may be specified as well (note that plugins might generate + additional ones). kernel-install calls the executable files from + /usr/lib/kernel/install.d/*.install and /etc/kernel/install.d/*.install (i.e. the plugins) with the following arguments: add KERNEL-VERSION $BOOT/ENTRY-TOKEN/KERNEL-VERSION/ KERNEL-IMAGE [INITRD-FILE ...] - The third argument directly refers to the path where to place kernel images, initial RAM disk + The third argument directly refers to the path where to place kernel images, initrd images and other resources for Boot Loader Specification Type #1 entries (the "entry directory"). If other boot loader schemes are used the parameter may be ignored. The ENTRY-TOKEN string is diff --git a/man/org.freedesktop.systemd1.xml b/man/org.freedesktop.systemd1.xml index 919df52135..945c24a3a7 100644 --- a/man/org.freedesktop.systemd1.xml +++ b/man/org.freedesktop.systemd1.xml @@ -1368,11 +1368,11 @@ node /org/freedesktop/systemd1 { for more information. SwitchRoot() may be used to transition to a new root directory. This is - intended to be used by initial RAM disks. The method takes two arguments: the new root directory (which - needs to be specified) and an init binary path (which may be left empty, in which case it is - automatically searched for). The state of the system manager will be serialized before the - transition. After the transition, the manager binary on the main system is invoked and replaces the old - PID 1. All state will then be deserialized. + intended to be used in the initrd, and also to transition from the host system into a shutdown initrd. + The method takes two arguments: the new root directory (which needs to be specified) and an init binary + path (which may be left empty, in which case it is automatically searched for). The state of the system + manager will be serialized before the transition. After the transition, the manager binary on the main + system is invoked and replaces the old PID 1. All state will then be deserialized. SetEnvironment() may be used to alter the environment block that is passed to all spawned processes. It takes a string array of environment variable assignments. Any previously set diff --git a/man/os-release.xml b/man/os-release.xml index 168c1675a9..7325f840b9 100644 --- a/man/os-release.xml +++ b/man/os-release.xml @@ -442,11 +442,10 @@ Takes a space-separated list of one or more of the strings system, initrd and portable. This field is only supported in extension-release.d/ files and indicates what environments - the system extension is applicable to: i.e. to regular systems, to initial RAM filesystems - ("initrd") or to portable service images. If unspecified, SYSEXT_SCOPE=system - portable is implied, i.e. any system extension without this field is applicable to - regular systems and to portable service environments, but not to initrd - environments. + the system extension is applicable to: i.e. to regular systems, to initrds, or to portable service + images. If unspecified, SYSEXT_SCOPE=system portable is implied, i.e. any system + extension without this field is applicable to regular systems and to portable service environments, + but not to initrd environments. diff --git a/man/systemctl.xml b/man/systemctl.xml index 290d670fe5..4f70cd0c63 100644 --- a/man/systemctl.xml +++ b/man/systemctl.xml @@ -1527,15 +1527,16 @@ Jan 12 10:46:45 example.com bluetoothd[8900]: gatt-time-server: Input/output err switch-root ROOT INIT - Switches to a different root directory and executes a new system manager process below it. This is - intended for usage in initial RAM disks ("initrd"), and will transition from the initrd's system manager - process (a.k.a. "init" process) to the main system manager process which is loaded from the actual host - volume. This call takes two arguments: the directory that is to become the new root directory, and the path - to the new system manager binary below it to execute as PID 1. If the latter is omitted or the empty - string, a systemd binary will automatically be searched for and used as init. If the system manager path is - omitted, equal to the empty string or identical to the path to the systemd binary, the state of the - initrd's system manager process is passed to the main system manager, which allows later introspection of - the state of the services involved in the initrd boot phase. + Switches to a different root directory and executes a new system manager process below it. + This is intended for use in the initrd, and will transition from the initrd's system manager + process (a.k.a. "init" process) to the main system manager process which is loaded from the + actual host root files system. This call takes two arguments: the directory that is to become the + new root directory, and the path to the new system manager binary below it to execute as PID 1. + If the latter is omitted or the empty string, a systemd binary will automatically be searched for + and used as init. If the system manager path is omitted, equal to the empty string or identical + to the path to the systemd binary, the state of the initrd's system manager process is passed to + the main system manager, which allows later introspection of the state of the services involved + in the initrd boot phase. diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml index 7a2d3ec826..0eee532f90 100644 --- a/man/systemd-boot.xml +++ b/man/systemd-boot.xml @@ -444,7 +444,7 @@ stored in the EFI variable LoaderSystemToken (see below). During early OS boot the system manager reads this variable and passes it to the OS kernel's random pool, crediting the full entropy it contains. This is an efficient way to ensure the system starts up with a fully initialized - kernel random pool — as early as the initial RAM disk phase. systemd-boot reads + kernel random pool — as early as the initrd phase. systemd-boot reads the random seed from the ESP, combines it with the "system token", and both derives a new random seed to update in-place the seed stored in the ESP, and the random seed to pass to the OS from it via SHA256 hashing in counter mode. This ensures that different physical systems that boot the same diff --git a/man/systemd-creds.xml b/man/systemd-creds.xml index d9b30a7e96..1e97e2609b 100644 --- a/man/systemd-creds.xml +++ b/man/systemd-creds.xml @@ -129,11 +129,10 @@ Which of the three keys shall be used for encryption may be configured with the - switch. Depending on the use-case for the encrypted credential the key to - use may differ. For example, for credentials that shall be accessible from the initial RAM disk - (initrd) of the system encryption with the host key is not appropriate since access to the host key - is typically not available from the initrd. Thus, for such credentials only the TPM2 key should be - used. + switch. Depending on the use-case for the encrypted credential the key + to use may differ. For example, for credentials that shall be accessible from the initrd, encryption + with the host key is not appropriate, since access to the host key is typically not available from + the initrd. Thus, for such credentials only the TPM2 key should be used. Encrypted credentials are always encoded in Base64. diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml index 889dd39b03..7e1431a5ff 100644 --- a/man/systemd-cryptenroll.xml +++ b/man/systemd-cryptenroll.xml @@ -296,7 +296,7 @@ 9 - The Linux kernel measures all initial RAM file systems it receives into this PCR. + The Linux kernel measures all initrds it receives into this PCR. @@ -307,7 +307,7 @@ 11 - systemd-stub7 measures the ELF kernel image, embedded initrd and other payload of the PE image it is placed in into this PCR. Unlike PCR 4 (where the same data should be measured into), this PCR value should be easy to pre-calculate, as this only contains static parts of the PE binary. Use this PCR to bind TPM policies to a specific kernel image, possibly with an embedded initial RAM disk (initrd). + systemd-stub7 measures the ELF kernel image, embedded initrd and other payload of the PE image it is placed in into this PCR. Unlike PCR 4 (where the same data should be measured into), this PCR value should be easy to pre-calculate, as this only contains static parts of the PE binary. Use this PCR to bind TPM policies to a specific kernel image, possibly with an embedded initrd. diff --git a/man/systemd-cryptsetup-generator.xml b/man/systemd-cryptsetup-generator.xml index e5c193f692..5ba024a866 100644 --- a/man/systemd-cryptsetup-generator.xml +++ b/man/systemd-cryptsetup-generator.xml @@ -49,48 +49,40 @@ luks= rd.luks= - Takes a boolean argument. Defaults to - yes. If no, disables the - generator entirely. rd.luks= is honored - only by initial RAM disk (initrd) while - luks= is honored by both the main system - and the initrd. + Takes a boolean argument. Defaults to yes. If + no, disables the generator entirely. rd.luks= is honored only + in the initrd while luks= is honored by both the main system and in the initrd. + luks.crypttab= rd.luks.crypttab= - Takes a boolean argument. Defaults to - yes. If no, causes the - generator to ignore any devices configured in - /etc/crypttab - (luks.uuid= will still work however). - rd.luks.crypttab= is honored only by - initial RAM disk (initrd) while - luks.crypttab= is honored by both the main - system and the initrd. + Takes a boolean argument. Defaults to yes. If + no, causes the generator to ignore any devices configured in + /etc/crypttab (luks.uuid= will still work however). + rd.luks.crypttab= is honored only in initrd while + luks.crypttab= is honored by both the main system and the initrd. + luks.uuid= rd.luks.uuid= - Takes a LUKS superblock UUID as argument. This - will activate the specified device as part of the boot process - as if it was listed in /etc/crypttab. - This option may be specified more than once in order to set up - multiple devices. rd.luks.uuid= is honored - only by initial RAM disk (initrd) while - luks.uuid= is honored by both the main - system and the initrd. - If /etc/crypttab contains entries with the same UUID, - then the name, keyfile and options specified there will be - used. Otherwise, the device will have the name + Takes a LUKS superblock UUID as argument. This will activate the specified device as + part of the boot process as if it was listed in /etc/crypttab. This option may + be specified more than once in order to set up multiple devices. rd.luks.uuid= is + honored only in the initrd, while luks.uuid= is honored by both the main system + and the initrd. + + If /etc/crypttab contains entries with the same UUID, then the name, + keyfile and options specified there will be used. Otherwise, the device will have the name luks-UUID. - If /etc/crypttab exists, only those UUIDs - specified on the kernel command line - will be activated in the initrd or the real root. + + If /etc/crypttab exists, only those UUIDs specified on the kernel command + line will be activated in the initrd or the real root. @@ -108,9 +100,8 @@ This parameter is the analogue of the first crypttab 5 field volume-name. - rd.luks.name= is honored only by - initial RAM disk (initrd) while luks.name= - is honored by both the main system and the initrd. + rd.luks.name= is honored only in the initrd, while + luks.name= is honored by both the main system and the initrd. @@ -137,8 +128,8 @@ This parameter is the analogue of the second crypttab 5 field encrypted-device. - rd.luks.data= is honored only by initial RAM disk (initrd) while - luks.data= is honored by both the main system and the initrd. + rd.luks.data= is honored only in the initrd, while + luks.data= is honored by both the main system and in the initrd. @@ -173,12 +164,8 @@ This parameter is the analogue of the third crypttab 5 field key-file. - rd.luks.key= - is honored only by initial RAM disk - (initrd) while - luks.key= is - honored by both the main system and - the initrd. + rd.luks.key= is honored only in the initrd, while + luks.key= is honored by both the main system and in the initrd. diff --git a/man/systemd-fstab-generator.xml b/man/systemd-fstab-generator.xml index 21c3ea94a7..b7908377a4 100644 --- a/man/systemd-fstab-generator.xml +++ b/man/systemd-fstab-generator.xml @@ -70,13 +70,10 @@ fstab= rd.fstab= - Takes a boolean argument. Defaults to - yes. If no, causes the - generator to ignore any mounts or swap devices configured in - /etc/fstab. rd.fstab= - is honored only by the initial RAM disk (initrd) while - fstab= is honored by both the main system - and the initrd. + Takes a boolean argument. Defaults to yes. If + no, causes the generator to ignore any mounts or swap devices configured in + /etc/fstab. rd.fstab= is honored only in the initrd, while + fstab= is honored by both the main system and the initrd. @@ -194,12 +191,12 @@ If true the generator ensures systemd-volatile-root.service8 - is run as part of the initial RAM disk ("initrd"). This service changes the mount table before transitioning to - the host system, so that a volatile memory file system (tmpfs) is used as root directory, - with only /usr/ mounted into it from the configured root file system, in read-only - mode. This way the system operates in fully stateless mode, with all configuration and state reset at boot and - lost at shutdown, as /etc/ and /var/ will be served from the (initially - unpopulated) volatile memory file system. + is run in the initrd. This service changes the mount table before transitioning to the host system, + so that a volatile memory file system (tmpfs) is used as root directory, with only + /usr/ mounted into it from the configured root file system, in read-only mode. + This way the system operates in fully stateless mode, with all configuration and state reset at boot + and lost at shutdown, as /etc/ and /var/ will be served + from the (initially unpopulated) volatile memory file system. If set to the generator will leave the root directory mount point unaltered, however will mount a tmpfs file system to /var/. In this mode the normal diff --git a/man/systemd-modules-load.service.xml b/man/systemd-modules-load.service.xml index 0144650e87..691194866a 100644 --- a/man/systemd-modules-load.service.xml +++ b/man/systemd-modules-load.service.xml @@ -52,10 +52,8 @@ modules_load= rd.modules_load= - Takes a comma-separated list of kernel modules - to statically load during early boot. The option prefixed with - rd. is read by the initial RAM disk - only. + Takes a comma-separated list of kernel modules to statically load during early boot. + The option prefixed with rd. is read in the initrd only. diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index 5e8bc02806..16e2286ed0 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -443,9 +443,9 @@ in the container's file system namespace. This is for containers which have several bootable directories in them; for example, several - OSTree deployments. It emulates the behavior of - the boot loader and initial RAM disk which normally select which directory to mount as the root and start the - container's PID 1 in. + OSTree deployments. It emulates the + behavior of the boot loader and the initrd which normally select which directory to mount as the root + and start the container's PID 1 in. diff --git a/man/systemd-random-seed.service.xml b/man/systemd-random-seed.service.xml index 0a50b51e4d..a1e31cd460 100644 --- a/man/systemd-random-seed.service.xml +++ b/man/systemd-random-seed.service.xml @@ -33,14 +33,14 @@ into the kernel entropy pool during boot and saves it at shutdown. See random4 for details. By default, no entropy is credited when the random seed is written into the kernel entropy pool, - but this may be changed with $SYSTEMD_RANDOM_SEED_CREDIT, see below. On disk the random + but this may be changed with $SYSTEMD_RANDOM_SEED_CREDIT, see below. On disk the random seed is stored in /var/lib/systemd/random-seed. Note that this service runs relatively late during the early boot phase, i.e. generally after the - initial RAM disk (initrd) completed its work, and the /var/ file system has been - mounted writable. Many system services require entropy much earlier than this — this service is hence of - limited use for complex system. It is recommended to use a boot loader that can pass an initial random - seed to the kernel to ensure that entropy is available from earliest boot on, for example + initrd phase has finished and the /var/ file system has been mounted. Many system + services require entropy much earlier than this — this service is hence of limited use for complex + system. It is recommended to use a boot loader that can pass an initial random seed to the kernel to + ensure that entropy is available from earliest boot on, for example systemd-boot7, with its bootctl random-seed functionality. diff --git a/man/systemd-remount-fs.service.xml b/man/systemd-remount-fs.service.xml index be74307f9b..266db88461 100644 --- a/man/systemd-remount-fs.service.xml +++ b/man/systemd-remount-fs.service.xml @@ -36,7 +36,7 @@ systemd-gpt-auto-generator8 is active) to the root file system, the /usr/ file system, and the kernel API file systems. This is required so that the mount options of these file systems — which are pre-mounted by the - kernel, the initial RAM disk, container environments or system manager code — are updated to those + kernel, the initrd, container environments or system manager code — are updated to those configured in /etc/fstab and the other sources. This service ignores normal file systems and only changes the root file system (i.e. /), /usr/, and the virtual kernel API file systems such as /proc/, /sys/ or diff --git a/man/systemd-repart.xml b/man/systemd-repart.xml index 475aeec212..236058b74c 100644 --- a/man/systemd-repart.xml +++ b/man/systemd-repart.xml @@ -43,14 +43,14 @@ If invoked with no arguments, it operates on the block device backing the root file system partition of the running OS, thus growing and adding partitions of the booted OS image itself. If --image= is used it will operate on the specified image file. When called in the - initrd it operates on the block device backing /sysroot/ instead, - i.e. on the block device the system will soon transition into. The - systemd-repart.service service is generally run at boot in the initial RAM disk, in - order to augment the partition table of the OS before its partitions are - mounted. systemd-repart (mostly) operates in a purely incremental mode: it only grows - existing and adds new partitions; it does not shrink, delete or move existing partitions. The service is - intended to be run on every boot, but when it detects that the partition table already matches the - installed repart.d/*.conf configuration files, it executes no operation. + initrd it operates on the block device backing /sysroot/ instead, i.e. on the block + device the system will soon transition into. The systemd-repart.service service is + generally run at boot in the initrd, in order to augment the partition table of the OS before its + partitions are mounted. systemd-repart (mostly) operates in a purely incremental mode: + it only grows existing and adds new partitions; it does not shrink, delete or move existing partitions. + The service is intended to be run on every boot, but when it detects that the partition table already + matches the installed repart.d/*.conf configuration files, it executes no + operation. systemd-repart is intended to be used when deploying OS images, to automatically adjust them to the system they are running on, during first boot. This way the deployed image can be @@ -89,34 +89,34 @@ Taking the size constraints and weights declared in the configuration files into account, all partitions that shall be created are now allocated to the disk, taking up all free space, - always respecting the size and padding requests. Similar, existing partitions that are determined to - grow are grown. New partitions are always appended to the end of the existing partition table, taking - the first partition table slot whose index is greater than the indexes of all existing - partitions. Partition table slots are never reordered and thus partition numbers are ensured to remain - stable. Note that this allocation happens in RAM only, the partition table on disk is not updated - yet. + always respecting the size and padding requests. Similarly, existing partitions that should be grown + are grown. New partitions are always appended to the end of the partition table, taking the first + partition table slot whose index is greater than the indexes of all existing partitions. Partition + table slots are never reordered and thus partition numbers are ensured to remain stable. Note that this + allocation happens in memory only, the partition table on disk is not updated yet. All existing partitions for which configuration files exist and which currently have no GPT partition label set will be assigned a label, either explicitly configured in the configuration or - (if that's missing) derived automatically from the partition type. The same is done for all partitions - that are newly created. These assignments are done in RAM only, too, the disk is not updated - yet. + — if that's missing — derived automatically from the partition type. The same is done for all + partitions that are newly created. These assignments are done in memory only, too, the disk is not + updated yet. Similarly, all existing partitions for which configuration files exist and which currently have an all-zero identifying UUID will be assigned a new UUID. This UUID is cryptographically hashed from a common seed value together with the partition type UUID (and a counter in case multiple partitions of the same type are defined), see below. The same is done for all partitions that are - created anew. These assignments are done in RAM only, too, the disk is not updated - yet. + created anew. These assignments are done in memory only, too, the disk is not updated yet. + Similarly, if the disk's volume UUID is all zeroes it is also initialized, also - cryptographically hashed from the same common seed value. Also, in RAM only, too. + cryptographically hashed from the same common seed value. This is done in memory only too. + - The disk space assigned to new partitions (i.e. what was previously considered free - space but is no longer) is now erased. Specifically, all file system signatures are removed, and if the - device supports it the BLKDISCARD I/O control command is issued to inform the - hardware that the space is empty now. In addition any "padding" between partitions and at the end of - the device is similarly erased. + The disk space assigned to new partitions (i.e. what was previously free space) is now + erased. Specifically, all file system signatures are removed, and if the device supports it, the + BLKDISCARD I/O control command is issued to inform the hardware that the space is + now empty. In addition any "padding" between partitions and at the end of the device is similarly + erased. The new partition table is finally written to disk. The kernel is asked to reread the partition table. @@ -257,9 +257,9 @@ repart.d/*.conf files, for the machine ID file to use as seed and for the CopyFiles= and CopyBlocks= source files and directories. By default when invoked on the regular system this defaults to the host's root file system - /. If invoked from the initial RAM disk this defaults to - /sysroot/, so that the tool operates on the configuration and machine ID stored - in the root file system later transitioned into itself. + /. If invoked from the initrd this defaults to /sysroot/, + so that the tool operates on the configuration and machine ID stored in the root file system later + transitioned into itself. diff --git a/man/systemd-stub.xml b/man/systemd-stub.xml index f8c3eee393..dacf0fa7a7 100644 --- a/man/systemd-stub.xml +++ b/man/systemd-stub.xml @@ -57,8 +57,8 @@ os-release5 file of the OS the kernel belongs to, in the .osrel PE section. - The initial RAM disk (initrd) will be looked for in the .initrd PE - section. + The initrd will be loaded from the .initrd PE section. + A compiled binary DeviceTree will be looked for in the .dtb PE section. @@ -290,27 +290,27 @@ StubPcrKernelImage - The PCR register index the ELF kernel image/initial RAM disk image/boot - splash/devicetree database/embedded command line are measured into, formatted as decimal ASCII string - (i.e. 11). This variable is set if a measurement was successfully completed, and - remains unset otherwise. + The PCR register index the kernel image, initrd image, boot splash, devicetree + database, and the embedded command line are measured into, formatted as decimal ASCII string (e.g. + 11). This variable is set if a measurement was successfully completed, and remains + unset otherwise. StubPcrKernelParameters The PCR register index the kernel command line and credentials are measured into, - formatted as decimal ASCII string (i.e. 12). This variable is set if a measurement + formatted as decimal ASCII string (e.g. 12). This variable is set if a measurement was successfully completed, and remains unset otherwise. StubPcrInitRDSysExts - The PCR register index the systemd extensions for the initial RAM disk image, which - are picked up from the file system the kernel image is located on. Formatted as decimal ASCII string - (i.e. 13). This variable is set if a measurement was successfully completed, and - remains unset otherwise. + The PCR register index the systemd extensions for the initrd, which are picked up + from the file system the kernel image is located on. Formatted as decimal ASCII string (e.g. + 13). This variable is set if a measurement was successfully completed, and remains + unset otherwise. From 92e720281250aab9cd2728964c9d38d93b5b2013 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 15 Sep 2022 17:48:16 +0200 Subject: [PATCH 3/9] headers: export partition uuids and flags in new sd-gpt.h file I think those constants are generally useful. It's quite easy to make a mistake when copying things from the docs, so let's make them easy and convenient to access. --- TODO | 4 +- man/systemd-gpt-auto-generator.xml | 6 +- src/home/homed-manager.c | 2 +- src/home/homework-luks.c | 4 +- src/partition/repart.c | 10 +- src/shared/dissect-image.c | 125 ++++++----- src/shared/find-esp.c | 8 +- src/shared/gpt.c | 90 ++++---- src/shared/gpt.h | 290 +------------------------ src/systemd/meson.build | 1 + src/systemd/sd-gpt.h | 315 ++++++++++++++++++++++++++++ src/sysupdate/sysupdate-partition.c | 24 +-- src/test/test-loop-block.c | 8 +- src/udev/udev-builtin-blkid.c | 8 +- 14 files changed, 469 insertions(+), 426 deletions(-) create mode 100644 src/systemd/sd-gpt.h diff --git a/TODO b/TODO index 7eb7086cff..d5380a96f7 100644 --- a/TODO +++ b/TODO @@ -1879,7 +1879,7 @@ Features: * systemd-repart: make it a static checker during early boot for existence and absence of other partitions for trusted boot environments -* systemd-repart: add support for GPT_FLAG_GROWFS also on real systems, i.e. +* systemd-repart: add support for SD_GPT_FLAG_GROWFS also on real systems, i.e. generate some unit to actually enlarge the fs after growing the partition during boot. @@ -1898,7 +1898,7 @@ Features: - in particular an example how to do the equivalent of switching runlevels - man: maybe sort directives in man pages, and take sections from --help and apply them to man too - document root=gpt-auto properly - - GPT_FLAG_GROWFS is not documented at all. GPT_FLAG_* should be documented in Discoverable Partitions. + - SD_GPT_FLAG_GROWFS is not documented at all. SD_GPT_FLAG_* should be documented in Discoverable Partitions. * systemctl: - add systemctl switch to dump transaction without executing it diff --git a/man/systemd-gpt-auto-generator.xml b/man/systemd-gpt-auto-generator.xml index a67eedb51d..1c846a0212 100644 --- a/man/systemd-gpt-auto-generator.xml +++ b/man/systemd-gpt-auto-generator.xml @@ -192,21 +192,21 @@ - GPT_FLAG_READ_ONLY + SD_GPT_FLAG_READ_ONLY 0x1000000000000000 /, /home/, /srv/, /var/, /var/tmp/, Extended Boot Loader Partition Partition is mounted read-only - GPT_FLAG_NO_AUTO + SD_GPT_FLAG_NO_AUTO 0x8000000000000000 /, /home/, /srv/, /var/, /var/tmp/, Extended Boot Loader Partition Partition is not mounted automatically - GPT_FLAG_NO_BLOCK_IO_PROTOCOL + SD_GPT_FLAG_NO_BLOCK_IO_PROTOCOL 0x0000000000000002 EFI System Partition (ESP) Partition is not mounted automatically diff --git a/src/home/homed-manager.c b/src/home/homed-manager.c index 38945d7988..61ef979049 100644 --- a/src/home/homed-manager.c +++ b/src/home/homed-manager.c @@ -1239,7 +1239,7 @@ static int manager_add_device(Manager *m, sd_device *d) { return 0; if (r < 0) return log_error_errno(r, "Failed to acquire ID_PART_ENTRY_TYPE device property, ignoring: %m"); - if (sd_id128_string_equal(parttype, GPT_USER_HOME) <= 0) { + if (sd_id128_string_equal(parttype, SD_GPT_USER_HOME) <= 0) { log_debug("Found partition (%s) we don't care about, ignoring.", sysfs); return 0; } diff --git a/src/home/homework-luks.c b/src/home/homework-luks.c index f2dcabd84a..bf0c2abb8c 100644 --- a/src/home/homework-luks.c +++ b/src/home/homework-luks.c @@ -704,7 +704,7 @@ static int luks_validate( if (!pp) return errno > 0 ? -errno : -EIO; - if (sd_id128_string_equal(blkid_partition_get_type_string(pp), GPT_USER_HOME) <= 0) + if (sd_id128_string_equal(blkid_partition_get_type_string(pp), SD_GPT_USER_HOME) <= 0) continue; if (!streq_ptr(blkid_partition_get_name(pp), label)) @@ -1851,7 +1851,7 @@ static int make_partition_table( if (!t) return log_oom(); - r = fdisk_parttype_set_typestr(t, GPT_USER_HOME_STR); + r = fdisk_parttype_set_typestr(t, SD_GPT_USER_HOME_STR); if (r < 0) return log_error_errno(r, "Failed to initialize partition type: %m"); diff --git a/src/partition/repart.c b/src/partition/repart.c index 7a53b31c9f..301a91d937 100644 --- a/src/partition/repart.c +++ b/src/partition/repart.c @@ -3755,7 +3755,7 @@ static uint64_t partition_merge_flags(Partition *p) { if (p->no_auto >= 0) { if (gpt_partition_type_knows_no_auto(p->type_uuid)) - SET_FLAG(f, GPT_FLAG_NO_AUTO, p->no_auto); + SET_FLAG(f, SD_GPT_FLAG_NO_AUTO, p->no_auto); else { char buffer[SD_ID128_UUID_STRING_MAX]; log_warning("Configured NoAuto=%s for partition type '%s' that doesn't support it, ignoring.", @@ -3766,7 +3766,7 @@ static uint64_t partition_merge_flags(Partition *p) { if (p->read_only >= 0) { if (gpt_partition_type_knows_read_only(p->type_uuid)) - SET_FLAG(f, GPT_FLAG_READ_ONLY, p->read_only); + SET_FLAG(f, SD_GPT_FLAG_READ_ONLY, p->read_only); else { char buffer[SD_ID128_UUID_STRING_MAX]; log_warning("Configured ReadOnly=%s for partition type '%s' that doesn't support it, ignoring.", @@ -3777,7 +3777,7 @@ static uint64_t partition_merge_flags(Partition *p) { if (p->growfs >= 0) { if (gpt_partition_type_knows_growfs(p->type_uuid)) - SET_FLAG(f, GPT_FLAG_GROWFS, p->growfs); + SET_FLAG(f, SD_GPT_FLAG_GROWFS, p->growfs); else { char buffer[SD_ID128_UUID_STRING_MAX]; log_warning("Configured GrowFileSystem=%s for partition type '%s' that doesn't support it, ignoring.", @@ -4292,10 +4292,10 @@ static int resolve_copy_blocks_auto( try1 = "/"; else if (gpt_partition_type_is_usr_verity(type_uuid)) try1 = "/usr/"; - else if (sd_id128_equal(type_uuid, GPT_ESP)) { + else if (sd_id128_equal(type_uuid, SD_GPT_ESP)) { try1 = "/efi/"; try2 = "/boot/"; - } else if (sd_id128_equal(type_uuid, GPT_XBOOTLDR)) + } else if (sd_id128_equal(type_uuid, SD_GPT_XBOOTLDR)) try1 = "/boot/"; else return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index b186c3a728..241b191c87 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -134,7 +134,10 @@ static void check_partition_flags( assert(node); /* Mask away all flags supported by this partition's type and the three flags the UEFI spec defines generically */ - pflags &= ~(supported | GPT_FLAG_REQUIRED_PARTITION | GPT_FLAG_NO_BLOCK_IO_PROTOCOL | GPT_FLAG_LEGACY_BIOS_BOOTABLE); + pflags &= ~(supported | + SD_GPT_FLAG_REQUIRED_PARTITION | + SD_GPT_FLAG_NO_BLOCK_IO_PROTOCOL | + SD_GPT_FLAG_LEGACY_BIOS_BOOTABLE); if (pflags == 0) return; @@ -481,57 +484,61 @@ int dissect_image( label = blkid_partition_get_name(pp); /* libblkid returns NULL here if empty */ - if (sd_id128_equal(type_id, GPT_HOME)) { + if (sd_id128_equal(type_id, SD_GPT_HOME)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY|GPT_FLAG_GROWFS); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY | SD_GPT_FLAG_GROWFS); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; designator = PARTITION_HOME; - rw = !(pflags & GPT_FLAG_READ_ONLY); - growfs = FLAGS_SET(pflags, GPT_FLAG_GROWFS); + rw = !(pflags & SD_GPT_FLAG_READ_ONLY); + growfs = FLAGS_SET(pflags, SD_GPT_FLAG_GROWFS); - } else if (sd_id128_equal(type_id, GPT_SRV)) { + } else if (sd_id128_equal(type_id, SD_GPT_SRV)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY|GPT_FLAG_GROWFS); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY | SD_GPT_FLAG_GROWFS); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; designator = PARTITION_SRV; - rw = !(pflags & GPT_FLAG_READ_ONLY); - growfs = FLAGS_SET(pflags, GPT_FLAG_GROWFS); + rw = !(pflags & SD_GPT_FLAG_READ_ONLY); + growfs = FLAGS_SET(pflags, SD_GPT_FLAG_GROWFS); - } else if (sd_id128_equal(type_id, GPT_ESP)) { + } else if (sd_id128_equal(type_id, SD_GPT_ESP)) { - /* Note that we don't check the GPT_FLAG_NO_AUTO flag for the ESP, as it is - * not defined there. We instead check the GPT_FLAG_NO_BLOCK_IO_PROTOCOL, as + /* Note that we don't check the SD_GPT_FLAG_NO_AUTO flag for the ESP, as it is + * not defined there. We instead check the SD_GPT_FLAG_NO_BLOCK_IO_PROTOCOL, as * recommended by the UEFI spec (See "12.3.3 Number and Location of System * Partitions"). */ - if (pflags & GPT_FLAG_NO_BLOCK_IO_PROTOCOL) + if (pflags & SD_GPT_FLAG_NO_BLOCK_IO_PROTOCOL) continue; designator = PARTITION_ESP; fstype = "vfat"; - } else if (sd_id128_equal(type_id, GPT_XBOOTLDR)) { + } else if (sd_id128_equal(type_id, SD_GPT_XBOOTLDR)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY|GPT_FLAG_GROWFS); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY | SD_GPT_FLAG_GROWFS); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; designator = PARTITION_XBOOTLDR; - rw = !(pflags & GPT_FLAG_READ_ONLY); - growfs = FLAGS_SET(pflags, GPT_FLAG_GROWFS); + rw = !(pflags & SD_GPT_FLAG_READ_ONLY); + growfs = FLAGS_SET(pflags, SD_GPT_FLAG_GROWFS); } else if (gpt_partition_type_is_root(type_id)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY|GPT_FLAG_GROWFS); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY | SD_GPT_FLAG_GROWFS); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; /* If a root ID is specified, ignore everything but the root id */ @@ -540,14 +547,15 @@ int dissect_image( assert_se((architecture = gpt_partition_type_uuid_to_arch(type_id)) >= 0); designator = PARTITION_ROOT_OF_ARCH(architecture); - rw = !(pflags & GPT_FLAG_READ_ONLY); - growfs = FLAGS_SET(pflags, GPT_FLAG_GROWFS); + rw = !(pflags & SD_GPT_FLAG_READ_ONLY); + growfs = FLAGS_SET(pflags, SD_GPT_FLAG_GROWFS); } else if (gpt_partition_type_is_root_verity(type_id)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; m->has_verity = true; @@ -569,9 +577,10 @@ int dissect_image( } else if (gpt_partition_type_is_root_verity_sig(type_id)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; m->has_verity_sig = true; @@ -591,9 +600,10 @@ int dissect_image( } else if (gpt_partition_type_is_usr(type_id)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY|GPT_FLAG_GROWFS); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY | SD_GPT_FLAG_GROWFS); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; /* If a usr ID is specified, ignore everything but the usr id */ @@ -602,14 +612,15 @@ int dissect_image( assert_se((architecture = gpt_partition_type_uuid_to_arch(type_id)) >= 0); designator = PARTITION_USR_OF_ARCH(architecture); - rw = !(pflags & GPT_FLAG_READ_ONLY); - growfs = FLAGS_SET(pflags, GPT_FLAG_GROWFS); + rw = !(pflags & SD_GPT_FLAG_READ_ONLY); + growfs = FLAGS_SET(pflags, SD_GPT_FLAG_GROWFS); } else if (gpt_partition_type_is_usr_verity(type_id)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; m->has_verity = true; @@ -630,9 +641,10 @@ int dissect_image( } else if (gpt_partition_type_is_usr_verity_sig(type_id)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; m->has_verity_sig = true; @@ -650,50 +662,53 @@ int dissect_image( fstype = "verity_hash_signature"; rw = false; - } else if (sd_id128_equal(type_id, GPT_SWAP)) { + } else if (sd_id128_equal(type_id, SD_GPT_SWAP)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO); + check_partition_flags(node, pflags, SD_GPT_FLAG_NO_AUTO); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; designator = PARTITION_SWAP; - } else if (sd_id128_equal(type_id, GPT_LINUX_GENERIC)) { + } else if (sd_id128_equal(type_id, SD_GPT_LINUX_GENERIC)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY|GPT_FLAG_GROWFS); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY | SD_GPT_FLAG_GROWFS); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; if (generic_node) multiple_generic = true; else { generic_nr = nr; - generic_rw = !(pflags & GPT_FLAG_READ_ONLY); - generic_growfs = FLAGS_SET(pflags, GPT_FLAG_GROWFS); + generic_rw = !(pflags & SD_GPT_FLAG_READ_ONLY); + generic_growfs = FLAGS_SET(pflags, SD_GPT_FLAG_GROWFS); generic_uuid = id; generic_node = strdup(node); if (!generic_node) return -ENOMEM; } - } else if (sd_id128_equal(type_id, GPT_TMP)) { + } else if (sd_id128_equal(type_id, SD_GPT_TMP)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY|GPT_FLAG_GROWFS); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY | SD_GPT_FLAG_GROWFS); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; designator = PARTITION_TMP; - rw = !(pflags & GPT_FLAG_READ_ONLY); - growfs = FLAGS_SET(pflags, GPT_FLAG_GROWFS); + rw = !(pflags & SD_GPT_FLAG_READ_ONLY); + growfs = FLAGS_SET(pflags, SD_GPT_FLAG_GROWFS); - } else if (sd_id128_equal(type_id, GPT_VAR)) { + } else if (sd_id128_equal(type_id, SD_GPT_VAR)) { - check_partition_flags(node, pflags, GPT_FLAG_NO_AUTO|GPT_FLAG_READ_ONLY|GPT_FLAG_GROWFS); + check_partition_flags(node, pflags, + SD_GPT_FLAG_NO_AUTO | SD_GPT_FLAG_READ_ONLY | SD_GPT_FLAG_GROWFS); - if (pflags & GPT_FLAG_NO_AUTO) + if (pflags & SD_GPT_FLAG_NO_AUTO) continue; if (!FLAGS_SET(flags, DISSECT_IMAGE_RELAX_VAR_CHECK)) { @@ -707,7 +722,7 @@ int dissect_image( * /etc/machine-id we can securely bind the partition to the * installation. */ - r = sd_id128_get_machine_app_specific(GPT_VAR, &var_uuid); + r = sd_id128_get_machine_app_specific(SD_GPT_VAR, &var_uuid); if (r < 0) return r; @@ -718,8 +733,8 @@ int dissect_image( } designator = PARTITION_VAR; - rw = !(pflags & GPT_FLAG_READ_ONLY); - growfs = FLAGS_SET(pflags, GPT_FLAG_GROWFS); + rw = !(pflags & SD_GPT_FLAG_READ_ONLY); + growfs = FLAGS_SET(pflags, SD_GPT_FLAG_GROWFS); } if (designator != _PARTITION_DESIGNATOR_INVALID) { diff --git a/src/shared/find-esp.c b/src/shared/find-esp.c index 2041d7f4b2..889ba8c46b 100644 --- a/src/shared/find-esp.c +++ b/src/shared/find-esp.c @@ -92,7 +92,7 @@ static int verify_esp_blkid( r = blkid_probe_lookup_value(b, "PART_ENTRY_TYPE", &v, NULL); if (r != 0) return log_error_errno(errno ?: EIO, "Failed to probe partition type UUID of \"%s\": %m", node); - if (sd_id128_string_equal(v, GPT_ESP) <= 0) + if (sd_id128_string_equal(v, SD_GPT_ESP) <= 0) return log_full_errno(searching ? LOG_DEBUG : LOG_ERR, SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV), "File system \"%s\" has wrong type for an EFI System Partition (ESP).", node); @@ -184,7 +184,7 @@ static int verify_esp_udev( r = sd_device_get_property_value(d, "ID_PART_ENTRY_TYPE", &v); if (r < 0) return log_error_errno(r, "Failed to get device property: %m"); - if (sd_id128_string_equal(v, GPT_ESP) <= 0) + if (sd_id128_string_equal(v, SD_GPT_ESP) <= 0) return log_full_errno(searching ? LOG_DEBUG : LOG_ERR, SYNTHETIC_ERRNO(searching ? EADDRNOTAVAIL : ENODEV), "File system \"%s\" has wrong type for an EFI System Partition (ESP).", node); @@ -540,7 +540,7 @@ static int verify_xbootldr_blkid( r = blkid_probe_lookup_value(b, "PART_ENTRY_TYPE", &v, NULL); if (r != 0) return log_error_errno(errno ?: SYNTHETIC_ERRNO(EIO), "%s: Failed to probe PART_ENTRY_TYPE: %m", node); - if (sd_id128_string_equal(v, GPT_XBOOTLDR) <= 0) + if (sd_id128_string_equal(v, SD_GPT_XBOOTLDR) <= 0) return log_full_errno(searching ? LOG_DEBUG : LOG_ERR, searching ? SYNTHETIC_ERRNO(EADDRNOTAVAIL) : SYNTHETIC_ERRNO(ENODEV), "%s: Partitition has wrong PART_ENTRY_TYPE=%s for XBOOTLDR partition.", node, v); @@ -604,7 +604,7 @@ static int verify_xbootldr_udev( if (r < 0) return log_device_error_errno(d, r, "Failed to query ID_PART_ENTRY_TYPE: %m"); - r = sd_id128_string_equal(v, GPT_XBOOTLDR); + r = sd_id128_string_equal(v, SD_GPT_XBOOTLDR); if (r < 0) return log_device_error_errno(d, r, "Failed to parse ID_PART_ENTRY_TYPE=%s: %m", v); if (r == 0) diff --git a/src/shared/gpt.c b/src/shared/gpt.c index 86819cdf5e..a15833b21d 100644 --- a/src/shared/gpt.c +++ b/src/shared/gpt.c @@ -5,22 +5,22 @@ #include "utf8.h" /* Gently push people towards defining GPT type UUIDs for all architectures we know */ -#if !defined(GPT_ROOT_NATIVE) || \ - !defined(GPT_ROOT_NATIVE_VERITY) || \ - !defined(GPT_ROOT_NATIVE_VERITY_SIG) || \ - !defined(GPT_USR_NATIVE) || \ - !defined(GPT_USR_NATIVE_VERITY) || \ - !defined(GPT_USR_NATIVE_VERITY_SIG) +#if !defined(SD_GPT_ROOT_NATIVE) || \ + !defined(SD_GPT_ROOT_NATIVE_VERITY) || \ + !defined(SD_GPT_ROOT_NATIVE_VERITY_SIG) || \ + !defined(SD_GPT_USR_NATIVE) || \ + !defined(SD_GPT_USR_NATIVE_VERITY) || \ + !defined(SD_GPT_USR_NATIVE_VERITY_SIG) #pragma message "Please define GPT partition types for your architecture." #endif #define _GPT_ARCH_SEXTET(arch, name) \ - { GPT_ROOT_##arch, "root-" name, ARCHITECTURE_##arch, .is_root = true }, \ - { GPT_ROOT_##arch##_VERITY, "root-" name "-verity", ARCHITECTURE_##arch, .is_root_verity = true }, \ - { GPT_ROOT_##arch##_VERITY_SIG, "root-" name "-verity-sig", ARCHITECTURE_##arch, .is_root_verity_sig = true }, \ - { GPT_USR_##arch, "usr-" name, ARCHITECTURE_##arch, .is_usr = true }, \ - { GPT_USR_##arch##_VERITY, "usr-" name "-verity", ARCHITECTURE_##arch, .is_usr_verity = true }, \ - { GPT_USR_##arch##_VERITY_SIG, "usr-" name "-verity-sig", ARCHITECTURE_##arch, .is_usr_verity_sig = true } + { SD_GPT_ROOT_##arch, "root-" name, ARCHITECTURE_##arch, .is_root = true }, \ + { SD_GPT_ROOT_##arch##_VERITY, "root-" name "-verity", ARCHITECTURE_##arch, .is_root_verity = true }, \ + { SD_GPT_ROOT_##arch##_VERITY_SIG, "root-" name "-verity-sig", ARCHITECTURE_##arch, .is_root_verity_sig = true }, \ + { SD_GPT_USR_##arch, "usr-" name, ARCHITECTURE_##arch, .is_usr = true }, \ + { SD_GPT_USR_##arch##_VERITY, "usr-" name "-verity", ARCHITECTURE_##arch, .is_usr_verity = true }, \ + { SD_GPT_USR_##arch##_VERITY_SIG, "usr-" name "-verity-sig", ARCHITECTURE_##arch, .is_usr_verity_sig = true } const GptPartitionType gpt_partition_type_table[] = { _GPT_ARCH_SEXTET(ALPHA, "alpha"), @@ -42,27 +42,27 @@ const GptPartitionType gpt_partition_type_table[] = { _GPT_ARCH_SEXTET(TILEGX, "tilegx"), _GPT_ARCH_SEXTET(X86, "x86"), _GPT_ARCH_SEXTET(X86_64, "x86-64"), -#ifdef GPT_ROOT_NATIVE - { GPT_ROOT_NATIVE, "root", native_architecture(), .is_root = true }, - { GPT_ROOT_NATIVE_VERITY, "root-verity", native_architecture(), .is_root_verity = true }, - { GPT_ROOT_NATIVE_VERITY_SIG, "root-verity-sig", native_architecture(), .is_root_verity_sig = true }, - { GPT_USR_NATIVE, "usr", native_architecture(), .is_usr = true }, - { GPT_USR_NATIVE_VERITY, "usr-verity", native_architecture(), .is_usr_verity = true }, - { GPT_USR_NATIVE_VERITY_SIG, "usr-verity-sig", native_architecture(), .is_usr_verity_sig = true }, +#ifdef SD_GPT_ROOT_NATIVE + { SD_GPT_ROOT_NATIVE, "root", native_architecture(), .is_root = true }, + { SD_GPT_ROOT_NATIVE_VERITY, "root-verity", native_architecture(), .is_root_verity = true }, + { SD_GPT_ROOT_NATIVE_VERITY_SIG, "root-verity-sig", native_architecture(), .is_root_verity_sig = true }, + { SD_GPT_USR_NATIVE, "usr", native_architecture(), .is_usr = true }, + { SD_GPT_USR_NATIVE_VERITY, "usr-verity", native_architecture(), .is_usr_verity = true }, + { SD_GPT_USR_NATIVE_VERITY_SIG, "usr-verity-sig", native_architecture(), .is_usr_verity_sig = true }, #endif -#ifdef GPT_ROOT_SECONDARY +#ifdef SD_GPT_ROOT_SECONDARY _GPT_ARCH_SEXTET(SECONDARY, "secondary"), #endif - { GPT_ESP, "esp", _ARCHITECTURE_INVALID }, - { GPT_XBOOTLDR, "xbootldr", _ARCHITECTURE_INVALID }, - { GPT_SWAP, "swap", _ARCHITECTURE_INVALID }, - { GPT_HOME, "home", _ARCHITECTURE_INVALID }, - { GPT_SRV, "srv", _ARCHITECTURE_INVALID }, - { GPT_VAR, "var", _ARCHITECTURE_INVALID }, - { GPT_TMP, "tmp", _ARCHITECTURE_INVALID }, - { GPT_USER_HOME, "user-home", _ARCHITECTURE_INVALID }, - { GPT_LINUX_GENERIC, "linux-generic", _ARCHITECTURE_INVALID }, + { SD_GPT_ESP, "esp", _ARCHITECTURE_INVALID }, + { SD_GPT_XBOOTLDR, "xbootldr", _ARCHITECTURE_INVALID }, + { SD_GPT_SWAP, "swap", _ARCHITECTURE_INVALID }, + { SD_GPT_HOME, "home", _ARCHITECTURE_INVALID }, + { SD_GPT_SRV, "srv", _ARCHITECTURE_INVALID }, + { SD_GPT_VAR, "var", _ARCHITECTURE_INVALID }, + { SD_GPT_TMP, "tmp", _ARCHITECTURE_INVALID }, + { SD_GPT_USER_HOME, "user-home", _ARCHITECTURE_INVALID }, + { SD_GPT_LINUX_GENERIC, "linux-generic", _ARCHITECTURE_INVALID }, {} }; @@ -171,11 +171,11 @@ bool gpt_partition_type_knows_read_only(sd_id128_t id) { return gpt_partition_type_is_root(id) || gpt_partition_type_is_usr(id) || sd_id128_in_set(id, - GPT_HOME, - GPT_SRV, - GPT_VAR, - GPT_TMP, - GPT_XBOOTLDR) || + SD_GPT_HOME, + SD_GPT_SRV, + SD_GPT_VAR, + SD_GPT_TMP, + SD_GPT_XBOOTLDR) || gpt_partition_type_is_root_verity(id) || /* pretty much implied, but let's set the bit to make things really clear */ gpt_partition_type_is_usr_verity(id); /* ditto */ } @@ -184,11 +184,11 @@ bool gpt_partition_type_knows_growfs(sd_id128_t id) { return gpt_partition_type_is_root(id) || gpt_partition_type_is_usr(id) || sd_id128_in_set(id, - GPT_HOME, - GPT_SRV, - GPT_VAR, - GPT_TMP, - GPT_XBOOTLDR); + SD_GPT_HOME, + SD_GPT_SRV, + SD_GPT_VAR, + SD_GPT_TMP, + SD_GPT_XBOOTLDR); } bool gpt_partition_type_knows_no_auto(sd_id128_t id) { @@ -197,10 +197,10 @@ bool gpt_partition_type_knows_no_auto(sd_id128_t id) { gpt_partition_type_is_usr(id) || gpt_partition_type_is_usr_verity(id) || sd_id128_in_set(id, - GPT_HOME, - GPT_SRV, - GPT_VAR, - GPT_TMP, - GPT_XBOOTLDR, - GPT_SWAP); + SD_GPT_HOME, + SD_GPT_SRV, + SD_GPT_VAR, + SD_GPT_TMP, + SD_GPT_XBOOTLDR, + SD_GPT_SWAP); } diff --git a/src/shared/gpt.h b/src/shared/gpt.h index 59a323f9c2..f6ed2d3eb5 100644 --- a/src/shared/gpt.h +++ b/src/shared/gpt.h @@ -1,300 +1,12 @@ /* SPDX-License-Identifier: LGPL-2.1-or-later */ #pragma once -#include - +#include "sd-gpt.h" #include "sd-id128.h" #include "architecture.h" #include "id128-util.h" -#define GPT_ROOT_ALPHA SD_ID128_MAKE(65,23,f8,ae,3e,b1,4e,2a,a0,5a,18,b6,95,ae,65,6f) -#define GPT_ROOT_ARC SD_ID128_MAKE(d2,7f,46,ed,29,19,4c,b8,bd,25,95,31,f3,c1,65,34) -#define GPT_ROOT_ARM SD_ID128_MAKE(69,da,d7,10,2c,e4,4e,3c,b1,6c,21,a1,d4,9a,be,d3) -#define GPT_ROOT_ARM64 SD_ID128_MAKE(b9,21,b0,45,1d,f0,41,c3,af,44,4c,6f,28,0d,3f,ae) -#define GPT_ROOT_IA64 SD_ID128_MAKE(99,3d,8d,3d,f8,0e,42,25,85,5a,9d,af,8e,d7,ea,97) -#define GPT_ROOT_LOONGARCH64 SD_ID128_MAKE(77,05,58,00,79,2c,4f,94,b3,9a,98,c9,1b,76,2b,b6) -#define GPT_ROOT_MIPS_LE SD_ID128_MAKE(37,c5,8c,8a,d9,13,41,56,a2,5f,48,b1,b6,4e,07,f0) -#define GPT_ROOT_MIPS64_LE SD_ID128_MAKE(70,0b,da,43,7a,34,45,07,b1,79,ee,b9,3d,7a,7c,a3) -#define GPT_ROOT_PARISC SD_ID128_MAKE(1a,ac,db,3b,54,44,41,38,bd,9e,e5,c2,23,9b,23,46) -#define GPT_ROOT_PPC SD_ID128_MAKE(1d,e3,f1,ef,fa,98,47,b5,8d,cd,4a,86,0a,65,4d,78) -#define GPT_ROOT_PPC64 SD_ID128_MAKE(91,2a,de,1d,a8,39,49,13,89,64,a1,0e,ee,08,fb,d2) -#define GPT_ROOT_PPC64_LE SD_ID128_MAKE(c3,1c,45,e6,3f,39,41,2e,80,fb,48,09,c4,98,05,99) -#define GPT_ROOT_RISCV32 SD_ID128_MAKE(60,d5,a7,fe,8e,7d,43,5c,b7,14,3d,d8,16,21,44,e1) -#define GPT_ROOT_RISCV64 SD_ID128_MAKE(72,ec,70,a6,cf,74,40,e6,bd,49,4b,da,08,e8,f2,24) -#define GPT_ROOT_S390X SD_ID128_MAKE(5e,ea,d9,a9,fe,09,4a,1e,a1,d7,52,0d,00,53,13,06) -#define GPT_ROOT_S390 SD_ID128_MAKE(08,a7,ac,ea,62,4c,4a,20,91,e8,6e,0f,a6,7d,23,f9) -#define GPT_ROOT_TILEGX SD_ID128_MAKE(c5,0c,dd,70,38,62,4c,c3,90,e1,80,9a,8c,93,ee,2c) -#define GPT_ROOT_X86 SD_ID128_MAKE(44,47,95,40,f2,97,41,b2,9a,f7,d1,31,d5,f0,45,8a) -#define GPT_ROOT_X86_64 SD_ID128_MAKE(4f,68,bc,e3,e8,cd,4d,b1,96,e7,fb,ca,f9,84,b7,09) -#define GPT_USR_ALPHA SD_ID128_MAKE(e1,8c,f0,8c,33,ec,4c,0d,82,46,c6,c6,fb,3d,a0,24) -#define GPT_USR_ARC SD_ID128_MAKE(79,78,a6,83,63,16,49,22,bb,ee,38,bf,f5,a2,fe,cc) -#define GPT_USR_ARM SD_ID128_MAKE(7d,03,59,a3,02,b3,4f,0a,86,5c,65,44,03,e7,06,25) -#define GPT_USR_ARM64 SD_ID128_MAKE(b0,e0,10,50,ee,5f,43,90,94,9a,91,01,b1,71,04,e9) -#define GPT_USR_IA64 SD_ID128_MAKE(43,01,d2,a6,4e,3b,4b,2a,bb,94,9e,0b,2c,42,25,ea) -#define GPT_USR_LOONGARCH64 SD_ID128_MAKE(e6,11,c7,02,57,5c,4c,be,9a,46,43,4f,a0,bf,7e,3f) -#define GPT_USR_MIPS_LE SD_ID128_MAKE(0f,48,68,e9,99,52,47,06,97,9f,3e,d3,a4,73,e9,47) -#define GPT_USR_MIPS64_LE SD_ID128_MAKE(c9,7c,1f,32,ba,06,40,b4,9f,22,23,60,61,b0,8a,a8) -#define GPT_USR_PARISC SD_ID128_MAKE(dc,4a,44,80,69,17,42,62,a4,ec,db,93,84,94,9f,25) -#define GPT_USR_PPC SD_ID128_MAKE(7d,14,fe,c5,cc,71,41,5d,9d,6c,06,bf,0b,3c,3e,af) -#define GPT_USR_PPC64 SD_ID128_MAKE(2c,97,39,e2,f0,68,46,b3,9f,d0,01,c5,a9,af,bc,ca) -#define GPT_USR_PPC64_LE SD_ID128_MAKE(15,bb,03,af,77,e7,4d,4a,b1,2b,c0,d0,84,f7,49,1c) -#define GPT_USR_RISCV32 SD_ID128_MAKE(b9,33,fb,22,5c,3f,4f,91,af,90,e2,bb,0f,a5,07,02) -#define GPT_USR_RISCV64 SD_ID128_MAKE(be,ae,c3,4b,84,42,43,9b,a4,0b,98,43,81,ed,09,7d) -#define GPT_USR_S390X SD_ID128_MAKE(8a,4f,57,70,50,aa,4e,d3,87,4a,99,b7,10,db,6f,ea) -#define GPT_USR_S390 SD_ID128_MAKE(cd,0f,86,9b,d0,fb,4c,a0,b1,41,9e,a8,7c,c7,8d,66) -#define GPT_USR_TILEGX SD_ID128_MAKE(55,49,70,29,c7,c1,44,cc,aa,39,81,5e,d1,55,86,30) -#define GPT_USR_X86 SD_ID128_MAKE(75,25,0d,76,8c,c6,45,8e,bd,66,bd,47,cc,81,a8,12) -#define GPT_USR_X86_64 SD_ID128_MAKE(84,84,68,0c,95,21,48,c6,9c,11,b0,72,06,56,f6,9e) - -/* Verity partitions for the root partitions above (we only define them for the root and /usr partitions, - * because only they are commonly read-only and hence suitable for verity). */ -#define GPT_ROOT_ALPHA_VERITY SD_ID128_MAKE(fc,56,d9,e9,e6,e5,4c,06,be,32,e7,44,07,ce,09,a5) -#define GPT_ROOT_ARC_VERITY SD_ID128_MAKE(24,b2,d9,75,0f,97,45,21,af,a1,cd,53,1e,42,1b,8d) -#define GPT_ROOT_ARM_VERITY SD_ID128_MAKE(73,86,cd,f2,20,3c,47,a9,a4,98,f2,ec,ce,45,a2,d6) -#define GPT_ROOT_ARM64_VERITY SD_ID128_MAKE(df,33,00,ce,d6,9f,4c,92,97,8c,9b,fb,0f,38,d8,20) -#define GPT_ROOT_IA64_VERITY SD_ID128_MAKE(86,ed,10,d5,b6,07,45,bb,89,57,d3,50,f2,3d,05,71) -#define GPT_ROOT_LOONGARCH64_VERITY SD_ID128_MAKE(f3,39,3b,22,e9,af,46,13,a9,48,9d,3b,fb,d0,c5,35) -#define GPT_ROOT_MIPS_LE_VERITY SD_ID128_MAKE(d7,d1,50,d2,2a,04,4a,33,8f,12,16,65,12,05,ff,7b) -#define GPT_ROOT_MIPS64_LE_VERITY SD_ID128_MAKE(16,b4,17,f8,3e,06,4f,57,8d,d2,9b,52,32,f4,1a,a6) -#define GPT_ROOT_PARISC_VERITY SD_ID128_MAKE(d2,12,a4,30,fb,c5,49,f9,a9,83,a7,fe,ef,2b,8d,0e) -#define GPT_ROOT_PPC64_LE_VERITY SD_ID128_MAKE(90,6b,d9,44,45,89,4a,ae,a4,e4,dd,98,39,17,44,6a) -#define GPT_ROOT_PPC64_VERITY SD_ID128_MAKE(92,25,a9,a3,3c,19,4d,89,b4,f6,ee,ff,88,f1,76,31) -#define GPT_ROOT_PPC_VERITY SD_ID128_MAKE(98,cf,e6,49,15,88,46,dc,b2,f0,ad,d1,47,42,49,25) -#define GPT_ROOT_RISCV32_VERITY SD_ID128_MAKE(ae,02,53,be,11,67,40,07,ac,68,43,92,6c,14,c5,de) -#define GPT_ROOT_RISCV64_VERITY SD_ID128_MAKE(b6,ed,55,82,44,0b,42,09,b8,da,5f,f7,c4,19,ea,3d) -#define GPT_ROOT_S390X_VERITY SD_ID128_MAKE(b3,25,bf,be,c7,be,4a,b8,83,57,13,9e,65,2d,2f,6b) -#define GPT_ROOT_S390_VERITY SD_ID128_MAKE(7a,c6,3b,47,b2,5c,46,3b,8d,f8,b4,a9,4e,6c,90,e1) -#define GPT_ROOT_TILEGX_VERITY SD_ID128_MAKE(96,60,61,ec,28,e4,4b,2e,b4,a5,1f,0a,82,5a,1d,84) -#define GPT_ROOT_X86_64_VERITY SD_ID128_MAKE(2c,73,57,ed,eb,d2,46,d9,ae,c1,23,d4,37,ec,2b,f5) -#define GPT_ROOT_X86_VERITY SD_ID128_MAKE(d1,3c,5d,3b,b5,d1,42,2a,b2,9f,94,54,fd,c8,9d,76) -#define GPT_USR_ALPHA_VERITY SD_ID128_MAKE(8c,ce,0d,25,c0,d0,4a,44,bd,87,46,33,1b,f1,df,67) -#define GPT_USR_ARC_VERITY SD_ID128_MAKE(fc,a0,59,8c,d8,80,45,91,8c,16,4e,da,05,c7,34,7c) -#define GPT_USR_ARM_VERITY SD_ID128_MAKE(c2,15,d7,51,7b,cd,46,49,be,90,66,27,49,0a,4c,05) -#define GPT_USR_ARM64_VERITY SD_ID128_MAKE(6e,11,a4,e7,fb,ca,4d,ed,b9,e9,e1,a5,12,bb,66,4e) -#define GPT_USR_IA64_VERITY SD_ID128_MAKE(6a,49,1e,03,3b,e7,45,45,8e,38,83,32,0e,0e,a8,80) -#define GPT_USR_LOONGARCH64_VERITY SD_ID128_MAKE(f4,6b,2c,26,59,ae,48,f0,91,06,c5,0e,d4,7f,67,3d) -#define GPT_USR_MIPS_LE_VERITY SD_ID128_MAKE(46,b9,8d,8d,b5,5c,4e,8f,aa,b3,37,fc,a7,f8,07,52) -#define GPT_USR_MIPS64_LE_VERITY SD_ID128_MAKE(3c,3d,61,fe,b5,f3,41,4d,bb,71,87,39,a6,94,a4,ef) -#define GPT_USR_PARISC_VERITY SD_ID128_MAKE(58,43,d6,18,ec,37,48,d7,9f,12,ce,a8,e0,87,68,b2) -#define GPT_USR_PPC64_LE_VERITY SD_ID128_MAKE(ee,2b,99,83,21,e8,41,53,86,d9,b6,90,1a,54,d1,ce) -#define GPT_USR_PPC64_VERITY SD_ID128_MAKE(bd,b5,28,a5,a2,59,47,5f,a8,7d,da,53,fa,73,6a,07) -#define GPT_USR_PPC_VERITY SD_ID128_MAKE(df,76,5d,00,27,0e,49,e5,bc,75,f4,7b,b2,11,8b,09) -#define GPT_USR_RISCV32_VERITY SD_ID128_MAKE(cb,1e,e4,e3,8c,d0,41,36,a0,a4,aa,61,a3,2e,87,30) -#define GPT_USR_RISCV64_VERITY SD_ID128_MAKE(8f,10,56,be,9b,05,47,c4,81,d6,be,53,12,8e,5b,54) -#define GPT_USR_S390X_VERITY SD_ID128_MAKE(31,74,1c,c4,1a,2a,41,11,a5,81,e0,0b,44,7d,2d,06) -#define GPT_USR_S390_VERITY SD_ID128_MAKE(b6,63,c6,18,e7,bc,4d,6d,90,aa,11,b7,56,bb,17,97) -#define GPT_USR_TILEGX_VERITY SD_ID128_MAKE(2f,b4,bf,56,07,fa,42,da,81,32,6b,13,9f,20,26,ae) -#define GPT_USR_X86_64_VERITY SD_ID128_MAKE(77,ff,5f,63,e7,b6,46,33,ac,f4,15,65,b8,64,c0,e6) -#define GPT_USR_X86_VERITY SD_ID128_MAKE(8f,46,1b,0d,14,ee,4e,81,9a,a9,04,9b,6f,b9,7a,bd) - -/* PKCS#7 Signatures for the Verity Root Hashes */ -#define GPT_ROOT_ALPHA_VERITY_SIG SD_ID128_MAKE(d4,64,95,b7,a0,53,41,4f,80,f7,70,0c,99,92,1e,f8) -#define GPT_ROOT_ARC_VERITY_SIG SD_ID128_MAKE(14,3a,70,ba,cb,d3,4f,06,91,9f,6c,05,68,3a,78,bc) -#define GPT_ROOT_ARM_VERITY_SIG SD_ID128_MAKE(42,b0,45,5f,eb,11,49,1d,98,d3,56,14,5b,a9,d0,37) -#define GPT_ROOT_ARM64_VERITY_SIG SD_ID128_MAKE(6d,b6,9d,e6,29,f4,47,58,a7,a5,96,21,90,f0,0c,e3) -#define GPT_ROOT_IA64_VERITY_SIG SD_ID128_MAKE(e9,8b,36,ee,32,ba,48,82,9b,12,0c,e1,46,55,f4,6a) -#define GPT_ROOT_LOONGARCH64_VERITY_SIG SD_ID128_MAKE(5a,fb,67,eb,ec,c8,4f,85,ae,8e,ac,1e,7c,50,e7,d0) -#define GPT_ROOT_MIPS_LE_VERITY_SIG SD_ID128_MAKE(c9,19,cc,1f,44,56,4e,ff,91,8c,f7,5e,94,52,5c,a5) -#define GPT_ROOT_MIPS64_LE_VERITY_SIG SD_ID128_MAKE(90,4e,58,ef,5c,65,4a,31,9c,57,6a,f5,fc,7c,5d,e7) -#define GPT_ROOT_PARISC_VERITY_SIG SD_ID128_MAKE(15,de,61,70,65,d3,43,1c,91,6e,b0,dc,d8,39,3f,25) -#define GPT_ROOT_PPC64_LE_VERITY_SIG SD_ID128_MAKE(d4,a2,36,e7,e8,73,4c,07,bf,1d,bf,6c,f7,f1,c3,c6) -#define GPT_ROOT_PPC64_VERITY_SIG SD_ID128_MAKE(f5,e2,c2,0c,45,b2,4f,fa,bc,e9,2a,60,73,7e,1a,af) -#define GPT_ROOT_PPC_VERITY_SIG SD_ID128_MAKE(1b,31,b5,aa,ad,d9,46,3a,b2,ed,bd,46,7f,c8,57,e7) -#define GPT_ROOT_RISCV32_VERITY_SIG SD_ID128_MAKE(3a,11,2a,75,87,29,43,80,b4,cf,76,4d,79,93,44,48) -#define GPT_ROOT_RISCV64_VERITY_SIG SD_ID128_MAKE(ef,e0,f0,87,ea,8d,44,69,82,1a,4c,2a,96,a8,38,6a) -#define GPT_ROOT_S390X_VERITY_SIG SD_ID128_MAKE(c8,01,87,a5,73,a3,49,1a,90,1a,01,7c,3f,a9,53,e9) -#define GPT_ROOT_S390_VERITY_SIG SD_ID128_MAKE(34,82,38,8e,42,54,43,5a,a2,41,76,6a,06,5f,99,60) -#define GPT_ROOT_TILEGX_VERITY_SIG SD_ID128_MAKE(b3,67,14,39,97,b0,4a,53,90,f7,2d,5a,8f,3a,d4,7b) -#define GPT_ROOT_X86_64_VERITY_SIG SD_ID128_MAKE(41,09,2b,05,9f,c8,45,23,99,4f,2d,ef,04,08,b1,76) -#define GPT_ROOT_X86_VERITY_SIG SD_ID128_MAKE(59,96,fc,05,10,9c,48,de,80,8b,23,fa,08,30,b6,76) -#define GPT_USR_ALPHA_VERITY_SIG SD_ID128_MAKE(5c,6e,1c,76,07,6a,45,7a,a0,fe,f3,b4,cd,21,ce,6e) -#define GPT_USR_ARC_VERITY_SIG SD_ID128_MAKE(94,f9,a9,a1,99,71,42,7a,a4,00,50,cb,29,7f,0f,35) -#define GPT_USR_ARM_VERITY_SIG SD_ID128_MAKE(d7,ff,81,2f,37,d1,49,02,a8,10,d7,6b,a5,7b,97,5a) -#define GPT_USR_ARM64_VERITY_SIG SD_ID128_MAKE(c2,3c,e4,ff,44,bd,4b,00,b2,d4,b4,1b,34,19,e0,2a) -#define GPT_USR_IA64_VERITY_SIG SD_ID128_MAKE(8d,e5,8b,c2,2a,43,46,0d,b1,4e,a7,6e,4a,17,b4,7f) -#define GPT_USR_LOONGARCH64_VERITY_SIG SD_ID128_MAKE(b0,24,f3,15,d3,30,44,4c,84,61,44,bb,de,52,4e,99) -#define GPT_USR_MIPS_LE_VERITY_SIG SD_ID128_MAKE(3e,23,ca,0b,a4,bc,4b,4e,80,87,5a,b6,a2,6a,a8,a9) -#define GPT_USR_MIPS64_LE_VERITY_SIG SD_ID128_MAKE(f2,c2,c7,ee,ad,cc,43,51,b5,c6,ee,98,16,b6,6e,16) -#define GPT_USR_PARISC_VERITY_SIG SD_ID128_MAKE(45,0d,d7,d1,32,24,45,ec,9c,f2,a4,3a,34,6d,71,ee) -#define GPT_USR_PPC64_LE_VERITY_SIG SD_ID128_MAKE(c8,bf,bd,1e,26,8e,45,21,8b,ba,bf,31,4c,39,95,57) -#define GPT_USR_PPC64_VERITY_SIG SD_ID128_MAKE(0b,88,88,63,d7,f8,4d,9e,97,66,23,9f,ce,4d,58,af) -#define GPT_USR_PPC_VERITY_SIG SD_ID128_MAKE(70,07,89,1d,d3,71,4a,80,86,a4,5c,b8,75,b9,30,2e) -#define GPT_USR_RISCV32_VERITY_SIG SD_ID128_MAKE(c3,83,6a,13,31,37,45,ba,b5,83,b1,6c,50,fe,5e,b4) -#define GPT_USR_RISCV64_VERITY_SIG SD_ID128_MAKE(d2,f9,00,0a,7a,18,45,3f,b5,cd,4d,32,f7,7a,7b,32) -#define GPT_USR_S390X_VERITY_SIG SD_ID128_MAKE(3f,32,48,16,66,7b,46,ae,86,ee,9b,0c,0c,6c,11,b4) -#define GPT_USR_S390_VERITY_SIG SD_ID128_MAKE(17,44,0e,4f,a8,d0,46,7f,a4,6e,39,12,ae,6e,f2,c5) -#define GPT_USR_TILEGX_VERITY_SIG SD_ID128_MAKE(4e,de,75,e2,6c,cc,4c,c8,b9,c7,70,33,4b,08,75,10) -#define GPT_USR_X86_64_VERITY_SIG SD_ID128_MAKE(e7,bb,33,fb,06,cf,4e,81,82,73,e5,43,b4,13,e2,e2) -#define GPT_USR_X86_VERITY_SIG SD_ID128_MAKE(97,4a,71,c0,de,41,43,c3,be,5d,5c,5c,cd,1a,d2,c0) - -#define GPT_ESP SD_ID128_MAKE(c1,2a,73,28,f8,1f,11,d2,ba,4b,00,a0,c9,3e,c9,3b) -#define GPT_ESP_STR SD_ID128_MAKE_UUID_STR(c1,2a,73,28,f8,1f,11,d2,ba,4b,00,a0,c9,3e,c9,3b) -#define GPT_XBOOTLDR SD_ID128_MAKE(bc,13,c2,ff,59,e6,42,62,a3,52,b2,75,fd,6f,71,72) -#define GPT_XBOOTLDR_STR SD_ID128_MAKE_UUID_STR(bc,13,c2,ff,59,e6,42,62,a3,52,b2,75,fd,6f,71,72) -#define GPT_SWAP SD_ID128_MAKE(06,57,fd,6d,a4,ab,43,c4,84,e5,09,33,c8,4b,4f,4f) -#define GPT_SWAP_STR SD_ID128_MAKE_UUID_STR(06,57,fd,6d,a4,ab,43,c4,84,e5,09,33,c8,4b,4f,4f) -#define GPT_HOME SD_ID128_MAKE(93,3a,c7,e1,2e,b4,4f,13,b8,44,0e,14,e2,ae,f9,15) -#define GPT_HOME_STR SD_ID128_MAKE_UUID_STR(93,3a,c7,e1,2e,b4,4f,13,b8,44,0e,14,e2,ae,f9,15) -#define GPT_SRV SD_ID128_MAKE(3b,8f,84,25,20,e0,4f,3b,90,7f,1a,25,a7,6f,98,e8) -#define GPT_SRV_STR SD_ID128_MAKE_UUID_STR(3b,8f,84,25,20,e0,4f,3b,90,7f,1a,25,a7,6f,98,e8) -#define GPT_VAR SD_ID128_MAKE(4d,21,b0,16,b5,34,45,c2,a9,fb,5c,16,e0,91,fd,2d) -#define GPT_VAR_STR SD_ID128_MAKE_UUID_STR(4d,21,b0,16,b5,34,45,c2,a9,fb,5c,16,e0,91,fd,2d) -#define GPT_TMP SD_ID128_MAKE(7e,c6,f5,57,3b,c5,4a,ca,b2,93,16,ef,5d,f6,39,d1) -#define GPT_TMP_STR SD_ID128_MAKE_UUID_STR(7e,c6,f5,57,3b,c5,4a,ca,b2,93,16,ef,5d,f6,39,d1) -#define GPT_USER_HOME SD_ID128_MAKE(77,3f,91,ef,66,d4,49,b5,bd,83,d6,83,bf,40,ad,16) -#define GPT_USER_HOME_STR SD_ID128_MAKE_UUID_STR(77,3f,91,ef,66,d4,49,b5,bd,83,d6,83,bf,40,ad,16) -#define GPT_LINUX_GENERIC SD_ID128_MAKE(0f,c6,3d,af,84,83,47,72,8e,79,3d,69,d8,47,7d,e4) -#define GPT_LINUX_GENERIC_STR SD_ID128_MAKE_UUID_STR(0f,c6,3d,af,84,83,47,72,8e,79,3d,69,d8,47,7d,e4) - -/* Maintain same order as above */ -#if defined(__alpha__) -# define GPT_ROOT_NATIVE GPT_ROOT_ALPHA -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_ALPHA_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_ALPHA_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_ALPHA -# define GPT_USR_NATIVE_VERITY GPT_USR_ALPHA_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_ALPHA_VERITY_SIG - -#elif defined(__arc__) -# define GPT_ROOT_NATIVE GPT_ROOT_ARC -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_ARC_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_ARC_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_ARC -# define GPT_USR_NATIVE_VERITY GPT_USR_ARC_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_ARC_VERITY_SIG - -#elif defined(__aarch64__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -# define GPT_ROOT_NATIVE GPT_ROOT_ARM64 -# define GPT_ROOT_SECONDARY GPT_ROOT_ARM -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_ARM64_VERITY -# define GPT_ROOT_SECONDARY_VERITY GPT_ROOT_ARM_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_ARM64_VERITY_SIG -# define GPT_ROOT_SECONDARY_VERITY_SIG GPT_ROOT_ARM_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_ARM64 -# define GPT_USR_SECONDARY GPT_USR_ARM -# define GPT_USR_NATIVE_VERITY GPT_USR_ARM64_VERITY -# define GPT_USR_SECONDARY_VERITY GPT_USR_ARM_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_ARM64_VERITY_SIG -# define GPT_USR_SECONDARY_VERITY_SIG GPT_USR_ARM_VERITY_SIG -#elif defined(__arm__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -# define GPT_ROOT_NATIVE GPT_ROOT_ARM -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_ARM_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_ARM_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_ARM -# define GPT_USR_NATIVE_VERITY GPT_USR_ARM_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_ARM_VERITY_SIG - -#elif defined(__ia64__) -# define GPT_ROOT_NATIVE GPT_ROOT_IA64 -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_IA64_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_IA64_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_IA64 -# define GPT_USR_NATIVE_VERITY GPT_USR_IA64_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_IA64_VERITY_SIG - -#elif defined(__loongarch64) -# define GPT_ROOT_NATIVE GPT_ROOT_LOONGARCH64 -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_LOONGARCH64_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_LOONGARCH64_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_LOONGARCH64 -# define GPT_USR_NATIVE_VERITY GPT_USR_LOONGARCH64_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_LOONGARCH64_VERITY_SIG - -#elif defined(__powerpc__) && defined(__PPC64__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ -# define GPT_ROOT_NATIVE GPT_ROOT_PPC64_LE -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_PPC64_LE_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_PPC64_LE_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_PPC64_LE -# define GPT_USR_NATIVE_VERITY GPT_USR_PPC64_LE_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_PPC64_LE_VERITY_SIG -#elif defined(__powerpc__) && defined(__powerpc64__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ -# define GPT_ROOT_NATIVE GPT_ROOT_PPC64 -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_PPC64_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_PPC64_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_PPC64 -# define GPT_USR_NATIVE_VERITY GPT_USR_PPC64_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_PPC64_VERITY_SIG -#elif defined(__powerpc__) -# define GPT_ROOT_NATIVE GPT_ROOT_PPC -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_PPC_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_PPC_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_PPC -# define GPT_USR_NATIVE_VERITY GPT_USR_PPC_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_PPC_VERITY_SIG - -#elif defined(__riscv) && __riscv_xlen == 32 -# define GPT_ROOT_NATIVE GPT_ROOT_RISCV32 -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_RISCV32_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_RISCV32_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_RISCV32 -# define GPT_USR_NATIVE_VERITY GPT_USR_RISCV32_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_RISCV32_VERITY_SIG -#elif defined(__riscv) && __riscv_xlen == 64 -# define GPT_ROOT_NATIVE GPT_ROOT_RISCV64 -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_RISCV64_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_RISCV64_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_RISCV64 -# define GPT_USR_NATIVE_VERITY GPT_USR_RISCV64_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_RISCV64_VERITY_SIG - -#elif defined(__s390x__) -# define GPT_ROOT_NATIVE GPT_ROOT_S390X -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_S390X_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_S390X_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_S390X -# define GPT_USR_NATIVE_VERITY GPT_USR_S390X_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_S390X_VERITY_SIG - -#elif defined(__s390__) -# define GPT_ROOT_NATIVE GPT_ROOT_S390 -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_S390_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_S390_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_S390 -# define GPT_USR_NATIVE_VERITY GPT_USR_S390_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_S390_VERITY_SIG - -#elif defined(__tilegx__) -# define GPT_ROOT_NATIVE GPT_ROOT_TILEGX -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_TILEGX_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_TILEGX_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_TILEGX -# define GPT_USR_NATIVE_VERITY GPT_USR_TILEGX_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_TILEGX_VERITY_SIG - -#elif defined(__x86_64__) -# define GPT_ROOT_NATIVE GPT_ROOT_X86_64 -# define GPT_ROOT_SECONDARY GPT_ROOT_X86 -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_X86_64_VERITY -# define GPT_ROOT_SECONDARY_VERITY GPT_ROOT_X86_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_X86_64_VERITY_SIG -# define GPT_ROOT_SECONDARY_VERITY_SIG GPT_ROOT_X86_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_X86_64 -# define GPT_USR_SECONDARY GPT_USR_X86 -# define GPT_USR_NATIVE_VERITY GPT_USR_X86_64_VERITY -# define GPT_USR_SECONDARY_VERITY GPT_USR_X86_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_X86_64_VERITY_SIG -# define GPT_USR_SECONDARY_VERITY_SIG GPT_USR_X86_VERITY_SIG -#elif defined(__i386__) -# define GPT_ROOT_NATIVE GPT_ROOT_X86 -# define GPT_ROOT_NATIVE_VERITY GPT_ROOT_X86_VERITY -# define GPT_ROOT_NATIVE_VERITY_SIG GPT_ROOT_X86_VERITY_SIG -# define GPT_USR_NATIVE GPT_USR_X86 -# define GPT_USR_NATIVE_VERITY GPT_USR_X86_VERITY -# define GPT_USR_NATIVE_VERITY_SIG GPT_USR_X86_VERITY_SIG -#endif - -#define GPT_FLAG_REQUIRED_PARTITION (1ULL << 0) -#define GPT_FLAG_NO_BLOCK_IO_PROTOCOL (1ULL << 1) -#define GPT_FLAG_LEGACY_BIOS_BOOTABLE (1ULL << 2) - -/* Flags we recognize on the root, usr, xbootldr, swap, home, srv, var, tmp partitions when doing - * auto-discovery. These happen to be identical to what Microsoft defines for its own Basic Data Partitions, - * but that's just because we saw no point in defining any other values here. */ -#define GPT_FLAG_READ_ONLY (1ULL << 60) -#define GPT_FLAG_NO_AUTO (1ULL << 63) -#define GPT_FLAG_GROWFS (1ULL << 59) - /* maximum length of gpt label */ #define GPT_LABEL_MAX 36 diff --git a/src/systemd/meson.build b/src/systemd/meson.build index 6048c13859..d75097de27 100644 --- a/src/systemd/meson.build +++ b/src/systemd/meson.build @@ -7,6 +7,7 @@ _systemd_headers = [ 'sd-daemon.h', 'sd-device.h', 'sd-event.h', + 'sd-gpt.h', 'sd-hwdb.h', 'sd-id128.h', 'sd-journal.h', diff --git a/src/systemd/sd-gpt.h b/src/systemd/sd-gpt.h new file mode 100644 index 0000000000..3527897c27 --- /dev/null +++ b/src/systemd/sd-gpt.h @@ -0,0 +1,315 @@ +/* SPDX-License-Identifier: LGPL-2.1-or-later */ +#ifndef foosdgpthfoo +#define foosdgpthfoo + +/*** + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see . +***/ + +#include "sd-id128.h" + +#include "_sd-common.h" + +_SD_BEGIN_DECLARATIONS; + +#define SD_GPT_ROOT_ALPHA SD_ID128_MAKE(65,23,f8,ae,3e,b1,4e,2a,a0,5a,18,b6,95,ae,65,6f) +#define SD_GPT_ROOT_ARC SD_ID128_MAKE(d2,7f,46,ed,29,19,4c,b8,bd,25,95,31,f3,c1,65,34) +#define SD_GPT_ROOT_ARM SD_ID128_MAKE(69,da,d7,10,2c,e4,4e,3c,b1,6c,21,a1,d4,9a,be,d3) +#define SD_GPT_ROOT_ARM64 SD_ID128_MAKE(b9,21,b0,45,1d,f0,41,c3,af,44,4c,6f,28,0d,3f,ae) +#define SD_GPT_ROOT_IA64 SD_ID128_MAKE(99,3d,8d,3d,f8,0e,42,25,85,5a,9d,af,8e,d7,ea,97) +#define SD_GPT_ROOT_LOONGARCH64 SD_ID128_MAKE(77,05,58,00,79,2c,4f,94,b3,9a,98,c9,1b,76,2b,b6) +#define SD_GPT_ROOT_MIPS_LE SD_ID128_MAKE(37,c5,8c,8a,d9,13,41,56,a2,5f,48,b1,b6,4e,07,f0) +#define SD_GPT_ROOT_MIPS64_LE SD_ID128_MAKE(70,0b,da,43,7a,34,45,07,b1,79,ee,b9,3d,7a,7c,a3) +#define SD_GPT_ROOT_PARISC SD_ID128_MAKE(1a,ac,db,3b,54,44,41,38,bd,9e,e5,c2,23,9b,23,46) +#define SD_GPT_ROOT_PPC SD_ID128_MAKE(1d,e3,f1,ef,fa,98,47,b5,8d,cd,4a,86,0a,65,4d,78) +#define SD_GPT_ROOT_PPC64 SD_ID128_MAKE(91,2a,de,1d,a8,39,49,13,89,64,a1,0e,ee,08,fb,d2) +#define SD_GPT_ROOT_PPC64_LE SD_ID128_MAKE(c3,1c,45,e6,3f,39,41,2e,80,fb,48,09,c4,98,05,99) +#define SD_GPT_ROOT_RISCV32 SD_ID128_MAKE(60,d5,a7,fe,8e,7d,43,5c,b7,14,3d,d8,16,21,44,e1) +#define SD_GPT_ROOT_RISCV64 SD_ID128_MAKE(72,ec,70,a6,cf,74,40,e6,bd,49,4b,da,08,e8,f2,24) +#define SD_GPT_ROOT_S390X SD_ID128_MAKE(5e,ea,d9,a9,fe,09,4a,1e,a1,d7,52,0d,00,53,13,06) +#define SD_GPT_ROOT_S390 SD_ID128_MAKE(08,a7,ac,ea,62,4c,4a,20,91,e8,6e,0f,a6,7d,23,f9) +#define SD_GPT_ROOT_TILEGX SD_ID128_MAKE(c5,0c,dd,70,38,62,4c,c3,90,e1,80,9a,8c,93,ee,2c) +#define SD_GPT_ROOT_X86 SD_ID128_MAKE(44,47,95,40,f2,97,41,b2,9a,f7,d1,31,d5,f0,45,8a) +#define SD_GPT_ROOT_X86_64 SD_ID128_MAKE(4f,68,bc,e3,e8,cd,4d,b1,96,e7,fb,ca,f9,84,b7,09) +#define SD_GPT_USR_ALPHA SD_ID128_MAKE(e1,8c,f0,8c,33,ec,4c,0d,82,46,c6,c6,fb,3d,a0,24) +#define SD_GPT_USR_ARC SD_ID128_MAKE(79,78,a6,83,63,16,49,22,bb,ee,38,bf,f5,a2,fe,cc) +#define SD_GPT_USR_ARM SD_ID128_MAKE(7d,03,59,a3,02,b3,4f,0a,86,5c,65,44,03,e7,06,25) +#define SD_GPT_USR_ARM64 SD_ID128_MAKE(b0,e0,10,50,ee,5f,43,90,94,9a,91,01,b1,71,04,e9) +#define SD_GPT_USR_IA64 SD_ID128_MAKE(43,01,d2,a6,4e,3b,4b,2a,bb,94,9e,0b,2c,42,25,ea) +#define SD_GPT_USR_LOONGARCH64 SD_ID128_MAKE(e6,11,c7,02,57,5c,4c,be,9a,46,43,4f,a0,bf,7e,3f) +#define SD_GPT_USR_MIPS_LE SD_ID128_MAKE(0f,48,68,e9,99,52,47,06,97,9f,3e,d3,a4,73,e9,47) +#define SD_GPT_USR_MIPS64_LE SD_ID128_MAKE(c9,7c,1f,32,ba,06,40,b4,9f,22,23,60,61,b0,8a,a8) +#define SD_GPT_USR_PARISC SD_ID128_MAKE(dc,4a,44,80,69,17,42,62,a4,ec,db,93,84,94,9f,25) +#define SD_GPT_USR_PPC SD_ID128_MAKE(7d,14,fe,c5,cc,71,41,5d,9d,6c,06,bf,0b,3c,3e,af) +#define SD_GPT_USR_PPC64 SD_ID128_MAKE(2c,97,39,e2,f0,68,46,b3,9f,d0,01,c5,a9,af,bc,ca) +#define SD_GPT_USR_PPC64_LE SD_ID128_MAKE(15,bb,03,af,77,e7,4d,4a,b1,2b,c0,d0,84,f7,49,1c) +#define SD_GPT_USR_RISCV32 SD_ID128_MAKE(b9,33,fb,22,5c,3f,4f,91,af,90,e2,bb,0f,a5,07,02) +#define SD_GPT_USR_RISCV64 SD_ID128_MAKE(be,ae,c3,4b,84,42,43,9b,a4,0b,98,43,81,ed,09,7d) +#define SD_GPT_USR_S390X SD_ID128_MAKE(8a,4f,57,70,50,aa,4e,d3,87,4a,99,b7,10,db,6f,ea) +#define SD_GPT_USR_S390 SD_ID128_MAKE(cd,0f,86,9b,d0,fb,4c,a0,b1,41,9e,a8,7c,c7,8d,66) +#define SD_GPT_USR_TILEGX SD_ID128_MAKE(55,49,70,29,c7,c1,44,cc,aa,39,81,5e,d1,55,86,30) +#define SD_GPT_USR_X86 SD_ID128_MAKE(75,25,0d,76,8c,c6,45,8e,bd,66,bd,47,cc,81,a8,12) +#define SD_GPT_USR_X86_64 SD_ID128_MAKE(84,84,68,0c,95,21,48,c6,9c,11,b0,72,06,56,f6,9e) + +/* Verity partitions for the root partitions above (we only define them for the root and /usr partitions, + * because only they are commonly read-only and hence suitable for verity). */ +#define SD_GPT_ROOT_ALPHA_VERITY SD_ID128_MAKE(fc,56,d9,e9,e6,e5,4c,06,be,32,e7,44,07,ce,09,a5) +#define SD_GPT_ROOT_ARC_VERITY SD_ID128_MAKE(24,b2,d9,75,0f,97,45,21,af,a1,cd,53,1e,42,1b,8d) +#define SD_GPT_ROOT_ARM_VERITY SD_ID128_MAKE(73,86,cd,f2,20,3c,47,a9,a4,98,f2,ec,ce,45,a2,d6) +#define SD_GPT_ROOT_ARM64_VERITY SD_ID128_MAKE(df,33,00,ce,d6,9f,4c,92,97,8c,9b,fb,0f,38,d8,20) +#define SD_GPT_ROOT_IA64_VERITY SD_ID128_MAKE(86,ed,10,d5,b6,07,45,bb,89,57,d3,50,f2,3d,05,71) +#define SD_GPT_ROOT_LOONGARCH64_VERITY SD_ID128_MAKE(f3,39,3b,22,e9,af,46,13,a9,48,9d,3b,fb,d0,c5,35) +#define SD_GPT_ROOT_MIPS_LE_VERITY SD_ID128_MAKE(d7,d1,50,d2,2a,04,4a,33,8f,12,16,65,12,05,ff,7b) +#define SD_GPT_ROOT_MIPS64_LE_VERITY SD_ID128_MAKE(16,b4,17,f8,3e,06,4f,57,8d,d2,9b,52,32,f4,1a,a6) +#define SD_GPT_ROOT_PARISC_VERITY SD_ID128_MAKE(d2,12,a4,30,fb,c5,49,f9,a9,83,a7,fe,ef,2b,8d,0e) +#define SD_GPT_ROOT_PPC64_LE_VERITY SD_ID128_MAKE(90,6b,d9,44,45,89,4a,ae,a4,e4,dd,98,39,17,44,6a) +#define SD_GPT_ROOT_PPC64_VERITY SD_ID128_MAKE(92,25,a9,a3,3c,19,4d,89,b4,f6,ee,ff,88,f1,76,31) +#define SD_GPT_ROOT_PPC_VERITY SD_ID128_MAKE(98,cf,e6,49,15,88,46,dc,b2,f0,ad,d1,47,42,49,25) +#define SD_GPT_ROOT_RISCV32_VERITY SD_ID128_MAKE(ae,02,53,be,11,67,40,07,ac,68,43,92,6c,14,c5,de) +#define SD_GPT_ROOT_RISCV64_VERITY SD_ID128_MAKE(b6,ed,55,82,44,0b,42,09,b8,da,5f,f7,c4,19,ea,3d) +#define SD_GPT_ROOT_S390X_VERITY SD_ID128_MAKE(b3,25,bf,be,c7,be,4a,b8,83,57,13,9e,65,2d,2f,6b) +#define SD_GPT_ROOT_S390_VERITY SD_ID128_MAKE(7a,c6,3b,47,b2,5c,46,3b,8d,f8,b4,a9,4e,6c,90,e1) +#define SD_GPT_ROOT_TILEGX_VERITY SD_ID128_MAKE(96,60,61,ec,28,e4,4b,2e,b4,a5,1f,0a,82,5a,1d,84) +#define SD_GPT_ROOT_X86_64_VERITY SD_ID128_MAKE(2c,73,57,ed,eb,d2,46,d9,ae,c1,23,d4,37,ec,2b,f5) +#define SD_GPT_ROOT_X86_VERITY SD_ID128_MAKE(d1,3c,5d,3b,b5,d1,42,2a,b2,9f,94,54,fd,c8,9d,76) +#define SD_GPT_USR_ALPHA_VERITY SD_ID128_MAKE(8c,ce,0d,25,c0,d0,4a,44,bd,87,46,33,1b,f1,df,67) +#define SD_GPT_USR_ARC_VERITY SD_ID128_MAKE(fc,a0,59,8c,d8,80,45,91,8c,16,4e,da,05,c7,34,7c) +#define SD_GPT_USR_ARM_VERITY SD_ID128_MAKE(c2,15,d7,51,7b,cd,46,49,be,90,66,27,49,0a,4c,05) +#define SD_GPT_USR_ARM64_VERITY SD_ID128_MAKE(6e,11,a4,e7,fb,ca,4d,ed,b9,e9,e1,a5,12,bb,66,4e) +#define SD_GPT_USR_IA64_VERITY SD_ID128_MAKE(6a,49,1e,03,3b,e7,45,45,8e,38,83,32,0e,0e,a8,80) +#define SD_GPT_USR_LOONGARCH64_VERITY SD_ID128_MAKE(f4,6b,2c,26,59,ae,48,f0,91,06,c5,0e,d4,7f,67,3d) +#define SD_GPT_USR_MIPS_LE_VERITY SD_ID128_MAKE(46,b9,8d,8d,b5,5c,4e,8f,aa,b3,37,fc,a7,f8,07,52) +#define SD_GPT_USR_MIPS64_LE_VERITY SD_ID128_MAKE(3c,3d,61,fe,b5,f3,41,4d,bb,71,87,39,a6,94,a4,ef) +#define SD_GPT_USR_PARISC_VERITY SD_ID128_MAKE(58,43,d6,18,ec,37,48,d7,9f,12,ce,a8,e0,87,68,b2) +#define SD_GPT_USR_PPC64_LE_VERITY SD_ID128_MAKE(ee,2b,99,83,21,e8,41,53,86,d9,b6,90,1a,54,d1,ce) +#define SD_GPT_USR_PPC64_VERITY SD_ID128_MAKE(bd,b5,28,a5,a2,59,47,5f,a8,7d,da,53,fa,73,6a,07) +#define SD_GPT_USR_PPC_VERITY SD_ID128_MAKE(df,76,5d,00,27,0e,49,e5,bc,75,f4,7b,b2,11,8b,09) +#define SD_GPT_USR_RISCV32_VERITY SD_ID128_MAKE(cb,1e,e4,e3,8c,d0,41,36,a0,a4,aa,61,a3,2e,87,30) +#define SD_GPT_USR_RISCV64_VERITY SD_ID128_MAKE(8f,10,56,be,9b,05,47,c4,81,d6,be,53,12,8e,5b,54) +#define SD_GPT_USR_S390X_VERITY SD_ID128_MAKE(31,74,1c,c4,1a,2a,41,11,a5,81,e0,0b,44,7d,2d,06) +#define SD_GPT_USR_S390_VERITY SD_ID128_MAKE(b6,63,c6,18,e7,bc,4d,6d,90,aa,11,b7,56,bb,17,97) +#define SD_GPT_USR_TILEGX_VERITY SD_ID128_MAKE(2f,b4,bf,56,07,fa,42,da,81,32,6b,13,9f,20,26,ae) +#define SD_GPT_USR_X86_64_VERITY SD_ID128_MAKE(77,ff,5f,63,e7,b6,46,33,ac,f4,15,65,b8,64,c0,e6) +#define SD_GPT_USR_X86_VERITY SD_ID128_MAKE(8f,46,1b,0d,14,ee,4e,81,9a,a9,04,9b,6f,b9,7a,bd) + +/* PKCS#7 Signatures for the Verity Root Hashes */ +#define SD_GPT_ROOT_ALPHA_VERITY_SIG SD_ID128_MAKE(d4,64,95,b7,a0,53,41,4f,80,f7,70,0c,99,92,1e,f8) +#define SD_GPT_ROOT_ARC_VERITY_SIG SD_ID128_MAKE(14,3a,70,ba,cb,d3,4f,06,91,9f,6c,05,68,3a,78,bc) +#define SD_GPT_ROOT_ARM_VERITY_SIG SD_ID128_MAKE(42,b0,45,5f,eb,11,49,1d,98,d3,56,14,5b,a9,d0,37) +#define SD_GPT_ROOT_ARM64_VERITY_SIG SD_ID128_MAKE(6d,b6,9d,e6,29,f4,47,58,a7,a5,96,21,90,f0,0c,e3) +#define SD_GPT_ROOT_IA64_VERITY_SIG SD_ID128_MAKE(e9,8b,36,ee,32,ba,48,82,9b,12,0c,e1,46,55,f4,6a) +#define SD_GPT_ROOT_LOONGARCH64_VERITY_SIG SD_ID128_MAKE(5a,fb,67,eb,ec,c8,4f,85,ae,8e,ac,1e,7c,50,e7,d0) +#define SD_GPT_ROOT_MIPS_LE_VERITY_SIG SD_ID128_MAKE(c9,19,cc,1f,44,56,4e,ff,91,8c,f7,5e,94,52,5c,a5) +#define SD_GPT_ROOT_MIPS64_LE_VERITY_SIG SD_ID128_MAKE(90,4e,58,ef,5c,65,4a,31,9c,57,6a,f5,fc,7c,5d,e7) +#define SD_GPT_ROOT_PARISC_VERITY_SIG SD_ID128_MAKE(15,de,61,70,65,d3,43,1c,91,6e,b0,dc,d8,39,3f,25) +#define SD_GPT_ROOT_PPC64_LE_VERITY_SIG SD_ID128_MAKE(d4,a2,36,e7,e8,73,4c,07,bf,1d,bf,6c,f7,f1,c3,c6) +#define SD_GPT_ROOT_PPC64_VERITY_SIG SD_ID128_MAKE(f5,e2,c2,0c,45,b2,4f,fa,bc,e9,2a,60,73,7e,1a,af) +#define SD_GPT_ROOT_PPC_VERITY_SIG SD_ID128_MAKE(1b,31,b5,aa,ad,d9,46,3a,b2,ed,bd,46,7f,c8,57,e7) +#define SD_GPT_ROOT_RISCV32_VERITY_SIG SD_ID128_MAKE(3a,11,2a,75,87,29,43,80,b4,cf,76,4d,79,93,44,48) +#define SD_GPT_ROOT_RISCV64_VERITY_SIG SD_ID128_MAKE(ef,e0,f0,87,ea,8d,44,69,82,1a,4c,2a,96,a8,38,6a) +#define SD_GPT_ROOT_S390X_VERITY_SIG SD_ID128_MAKE(c8,01,87,a5,73,a3,49,1a,90,1a,01,7c,3f,a9,53,e9) +#define SD_GPT_ROOT_S390_VERITY_SIG SD_ID128_MAKE(34,82,38,8e,42,54,43,5a,a2,41,76,6a,06,5f,99,60) +#define SD_GPT_ROOT_TILEGX_VERITY_SIG SD_ID128_MAKE(b3,67,14,39,97,b0,4a,53,90,f7,2d,5a,8f,3a,d4,7b) +#define SD_GPT_ROOT_X86_64_VERITY_SIG SD_ID128_MAKE(41,09,2b,05,9f,c8,45,23,99,4f,2d,ef,04,08,b1,76) +#define SD_GPT_ROOT_X86_VERITY_SIG SD_ID128_MAKE(59,96,fc,05,10,9c,48,de,80,8b,23,fa,08,30,b6,76) +#define SD_GPT_USR_ALPHA_VERITY_SIG SD_ID128_MAKE(5c,6e,1c,76,07,6a,45,7a,a0,fe,f3,b4,cd,21,ce,6e) +#define SD_GPT_USR_ARC_VERITY_SIG SD_ID128_MAKE(94,f9,a9,a1,99,71,42,7a,a4,00,50,cb,29,7f,0f,35) +#define SD_GPT_USR_ARM_VERITY_SIG SD_ID128_MAKE(d7,ff,81,2f,37,d1,49,02,a8,10,d7,6b,a5,7b,97,5a) +#define SD_GPT_USR_ARM64_VERITY_SIG SD_ID128_MAKE(c2,3c,e4,ff,44,bd,4b,00,b2,d4,b4,1b,34,19,e0,2a) +#define SD_GPT_USR_IA64_VERITY_SIG SD_ID128_MAKE(8d,e5,8b,c2,2a,43,46,0d,b1,4e,a7,6e,4a,17,b4,7f) +#define SD_GPT_USR_LOONGARCH64_VERITY_SIG SD_ID128_MAKE(b0,24,f3,15,d3,30,44,4c,84,61,44,bb,de,52,4e,99) +#define SD_GPT_USR_MIPS_LE_VERITY_SIG SD_ID128_MAKE(3e,23,ca,0b,a4,bc,4b,4e,80,87,5a,b6,a2,6a,a8,a9) +#define SD_GPT_USR_MIPS64_LE_VERITY_SIG SD_ID128_MAKE(f2,c2,c7,ee,ad,cc,43,51,b5,c6,ee,98,16,b6,6e,16) +#define SD_GPT_USR_PARISC_VERITY_SIG SD_ID128_MAKE(45,0d,d7,d1,32,24,45,ec,9c,f2,a4,3a,34,6d,71,ee) +#define SD_GPT_USR_PPC64_LE_VERITY_SIG SD_ID128_MAKE(c8,bf,bd,1e,26,8e,45,21,8b,ba,bf,31,4c,39,95,57) +#define SD_GPT_USR_PPC64_VERITY_SIG SD_ID128_MAKE(0b,88,88,63,d7,f8,4d,9e,97,66,23,9f,ce,4d,58,af) +#define SD_GPT_USR_PPC_VERITY_SIG SD_ID128_MAKE(70,07,89,1d,d3,71,4a,80,86,a4,5c,b8,75,b9,30,2e) +#define SD_GPT_USR_RISCV32_VERITY_SIG SD_ID128_MAKE(c3,83,6a,13,31,37,45,ba,b5,83,b1,6c,50,fe,5e,b4) +#define SD_GPT_USR_RISCV64_VERITY_SIG SD_ID128_MAKE(d2,f9,00,0a,7a,18,45,3f,b5,cd,4d,32,f7,7a,7b,32) +#define SD_GPT_USR_S390X_VERITY_SIG SD_ID128_MAKE(3f,32,48,16,66,7b,46,ae,86,ee,9b,0c,0c,6c,11,b4) +#define SD_GPT_USR_S390_VERITY_SIG SD_ID128_MAKE(17,44,0e,4f,a8,d0,46,7f,a4,6e,39,12,ae,6e,f2,c5) +#define SD_GPT_USR_TILEGX_VERITY_SIG SD_ID128_MAKE(4e,de,75,e2,6c,cc,4c,c8,b9,c7,70,33,4b,08,75,10) +#define SD_GPT_USR_X86_64_VERITY_SIG SD_ID128_MAKE(e7,bb,33,fb,06,cf,4e,81,82,73,e5,43,b4,13,e2,e2) +#define SD_GPT_USR_X86_VERITY_SIG SD_ID128_MAKE(97,4a,71,c0,de,41,43,c3,be,5d,5c,5c,cd,1a,d2,c0) + +#define SD_GPT_ESP SD_ID128_MAKE(c1,2a,73,28,f8,1f,11,d2,ba,4b,00,a0,c9,3e,c9,3b) +#define SD_GPT_ESP_STR SD_ID128_MAKE_UUID_STR(c1,2a,73,28,f8,1f,11,d2,ba,4b,00,a0,c9,3e,c9,3b) +#define SD_GPT_XBOOTLDR SD_ID128_MAKE(bc,13,c2,ff,59,e6,42,62,a3,52,b2,75,fd,6f,71,72) +#define SD_GPT_XBOOTLDR_STR SD_ID128_MAKE_UUID_STR(bc,13,c2,ff,59,e6,42,62,a3,52,b2,75,fd,6f,71,72) +#define SD_GPT_SWAP SD_ID128_MAKE(06,57,fd,6d,a4,ab,43,c4,84,e5,09,33,c8,4b,4f,4f) +#define SD_GPT_SWAP_STR SD_ID128_MAKE_UUID_STR(06,57,fd,6d,a4,ab,43,c4,84,e5,09,33,c8,4b,4f,4f) +#define SD_GPT_HOME SD_ID128_MAKE(93,3a,c7,e1,2e,b4,4f,13,b8,44,0e,14,e2,ae,f9,15) +#define SD_GPT_HOME_STR SD_ID128_MAKE_UUID_STR(93,3a,c7,e1,2e,b4,4f,13,b8,44,0e,14,e2,ae,f9,15) +#define SD_GPT_SRV SD_ID128_MAKE(3b,8f,84,25,20,e0,4f,3b,90,7f,1a,25,a7,6f,98,e8) +#define SD_GPT_SRV_STR SD_ID128_MAKE_UUID_STR(3b,8f,84,25,20,e0,4f,3b,90,7f,1a,25,a7,6f,98,e8) +#define SD_GPT_VAR SD_ID128_MAKE(4d,21,b0,16,b5,34,45,c2,a9,fb,5c,16,e0,91,fd,2d) +#define SD_GPT_VAR_STR SD_ID128_MAKE_UUID_STR(4d,21,b0,16,b5,34,45,c2,a9,fb,5c,16,e0,91,fd,2d) +#define SD_GPT_TMP SD_ID128_MAKE(7e,c6,f5,57,3b,c5,4a,ca,b2,93,16,ef,5d,f6,39,d1) +#define SD_GPT_TMP_STR SD_ID128_MAKE_UUID_STR(7e,c6,f5,57,3b,c5,4a,ca,b2,93,16,ef,5d,f6,39,d1) +#define SD_GPT_USER_HOME SD_ID128_MAKE(77,3f,91,ef,66,d4,49,b5,bd,83,d6,83,bf,40,ad,16) +#define SD_GPT_USER_HOME_STR SD_ID128_MAKE_UUID_STR(77,3f,91,ef,66,d4,49,b5,bd,83,d6,83,bf,40,ad,16) +#define SD_GPT_LINUX_GENERIC SD_ID128_MAKE(0f,c6,3d,af,84,83,47,72,8e,79,3d,69,d8,47,7d,e4) +#define SD_GPT_LINUX_GENERIC_STR SD_ID128_MAKE_UUID_STR(0f,c6,3d,af,84,83,47,72,8e,79,3d,69,d8,47,7d,e4) + +/* Maintain same order as above */ +#if defined(__alpha__) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_ALPHA +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_ALPHA_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_ALPHA_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_ALPHA +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_ALPHA_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_ALPHA_VERITY_SIG + +#elif defined(__arc__) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_ARC +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_ARC_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_ARC_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_ARC +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_ARC_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_ARC_VERITY_SIG + +#elif defined(__aarch64__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_ARM64 +# define SD_GPT_ROOT_SECONDARY SD_GPT_ROOT_ARM +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_ARM64_VERITY +# define SD_GPT_ROOT_SECONDARY_VERITY SD_GPT_ROOT_ARM_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_ARM64_VERITY_SIG +# define SD_GPT_ROOT_SECONDARY_VERITY_SIG SD_GPT_ROOT_ARM_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_ARM64 +# define SD_GPT_USR_SECONDARY SD_GPT_USR_ARM +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_ARM64_VERITY +# define SD_GPT_USR_SECONDARY_VERITY SD_GPT_USR_ARM_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_ARM64_VERITY_SIG +# define SD_GPT_USR_SECONDARY_VERITY_SIG SD_GPT_USR_ARM_VERITY_SIG +#elif defined(__arm__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_ARM +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_ARM_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_ARM_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_ARM +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_ARM_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_ARM_VERITY_SIG + +#elif defined(__ia64__) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_IA64 +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_IA64_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_IA64_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_IA64 +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_IA64_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_IA64_VERITY_SIG + +#elif defined(__loongarch64) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_LOONGARCH64 +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_LOONGARCH64_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_LOONGARCH64_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_LOONGARCH64 +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_LOONGARCH64_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_LOONGARCH64_VERITY_SIG + +#elif defined(__powerpc__) && defined(__PPC64__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_PPC64_LE +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_PPC64_LE_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_PPC64_LE_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_PPC64_LE +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_PPC64_LE_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_PPC64_LE_VERITY_SIG +#elif defined(__powerpc__) && defined(__powerpc64__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_PPC64 +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_PPC64_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_PPC64_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_PPC64 +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_PPC64_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_PPC64_VERITY_SIG +#elif defined(__powerpc__) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_PPC +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_PPC_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_PPC_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_PPC +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_PPC_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_PPC_VERITY_SIG + +#elif defined(__riscv) && __riscv_xlen == 32 +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_RISCV32 +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_RISCV32_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_RISCV32_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_RISCV32 +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_RISCV32_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_RISCV32_VERITY_SIG +#elif defined(__riscv) && __riscv_xlen == 64 +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_RISCV64 +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_RISCV64_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_RISCV64_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_RISCV64 +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_RISCV64_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_RISCV64_VERITY_SIG + +#elif defined(__s390x__) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_S390X +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_S390X_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_S390X_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_S390X +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_S390X_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_S390X_VERITY_SIG + +#elif defined(__s390__) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_S390 +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_S390_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_S390_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_S390 +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_S390_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_S390_VERITY_SIG + +#elif defined(__tilegx__) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_TILEGX +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_TILEGX_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_TILEGX_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_TILEGX +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_TILEGX_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_TILEGX_VERITY_SIG + +#elif defined(__x86_64__) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_X86_64 +# define SD_GPT_ROOT_SECONDARY SD_GPT_ROOT_X86 +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_X86_64_VERITY +# define SD_GPT_ROOT_SECONDARY_VERITY SD_GPT_ROOT_X86_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_X86_64_VERITY_SIG +# define SD_GPT_ROOT_SECONDARY_VERITY_SIG SD_GPT_ROOT_X86_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_X86_64 +# define SD_GPT_USR_SECONDARY SD_GPT_USR_X86 +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_X86_64_VERITY +# define SD_GPT_USR_SECONDARY_VERITY SD_GPT_USR_X86_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_X86_64_VERITY_SIG +# define SD_GPT_USR_SECONDARY_VERITY_SIG SD_GPT_USR_X86_VERITY_SIG +#elif defined(__i386__) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_X86 +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_X86_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_X86_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_X86 +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_X86_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_X86_VERITY_SIG +#endif + +#define SD_GPT_FLAG_REQUIRED_PARTITION (1ULL << 0) +#define SD_GPT_FLAG_NO_BLOCK_IO_PROTOCOL (1ULL << 1) +#define SD_GPT_FLAG_LEGACY_BIOS_BOOTABLE (1ULL << 2) + +/* Flags we recognize on the root, usr, xbootldr, swap, home, srv, var, tmp partitions when doing + * auto-discovery. These happen to be identical to what Microsoft defines for its own Basic Data Partitions, + * but that's just because we saw no point in defining any other values here. */ +#define SD_GPT_FLAG_READ_ONLY (1ULL << 60) +#define SD_GPT_FLAG_NO_AUTO (1ULL << 63) +#define SD_GPT_FLAG_GROWFS (1ULL << 59) + +_SD_END_DECLARATIONS; + +#endif diff --git a/src/sysupdate/sysupdate-partition.c b/src/sysupdate/sysupdate-partition.c index f3e21001e4..812007fa3b 100644 --- a/src/sysupdate/sysupdate-partition.c +++ b/src/sysupdate/sysupdate-partition.c @@ -48,11 +48,11 @@ static int fdisk_partition_get_attrs_as_uint64( break; if (streq(word, "RequiredPartition")) - flags |= GPT_FLAG_REQUIRED_PARTITION; + flags |= SD_GPT_FLAG_REQUIRED_PARTITION; else if (streq(word, "NoBlockIOProtocol")) - flags |= GPT_FLAG_NO_BLOCK_IO_PROTOCOL; + flags |= SD_GPT_FLAG_NO_BLOCK_IO_PROTOCOL; else if (streq(word, "LegacyBIOSBootable")) - flags |= GPT_FLAG_LEGACY_BIOS_BOOTABLE; + flags |= SD_GPT_FLAG_LEGACY_BIOS_BOOTABLE; else { const char *e; unsigned u; @@ -188,9 +188,9 @@ int read_partition_info( .uuid = id, .label = TAKE_PTR(label_copy), .device = TAKE_PTR(device), - .no_auto = FLAGS_SET(flags, GPT_FLAG_NO_AUTO) && gpt_partition_type_knows_no_auto(ptid), - .read_only = FLAGS_SET(flags, GPT_FLAG_READ_ONLY) && gpt_partition_type_knows_read_only(ptid), - .growfs = FLAGS_SET(flags, GPT_FLAG_GROWFS) && gpt_partition_type_knows_growfs(ptid), + .no_auto = FLAGS_SET(flags, SD_GPT_FLAG_NO_AUTO) && gpt_partition_type_knows_no_auto(ptid), + .read_only = FLAGS_SET(flags, SD_GPT_FLAG_READ_ONLY) && gpt_partition_type_knows_read_only(ptid), + .growfs = FLAGS_SET(flags, SD_GPT_FLAG_GROWFS) && gpt_partition_type_knows_growfs(ptid), }; return 1; /* found! */ @@ -332,11 +332,11 @@ int patch_partition( flags = info->flags; if (tweak_no_auto) - SET_FLAG(flags, GPT_FLAG_NO_AUTO, info->no_auto); + SET_FLAG(flags, SD_GPT_FLAG_NO_AUTO, info->no_auto); if (tweak_read_only) - SET_FLAG(flags, GPT_FLAG_READ_ONLY, info->read_only); + SET_FLAG(flags, SD_GPT_FLAG_READ_ONLY, info->read_only); if (tweak_growfs) - SET_FLAG(flags, GPT_FLAG_GROWFS, info->growfs); + SET_FLAG(flags, SD_GPT_FLAG_GROWFS, info->growfs); r = fdisk_partition_set_attrs_as_uint64(pa, flags); if (r < 0) @@ -354,11 +354,11 @@ int patch_partition( new_flags = old_flags; if (tweak_no_auto) - SET_FLAG(new_flags, GPT_FLAG_NO_AUTO, info->no_auto); + SET_FLAG(new_flags, SD_GPT_FLAG_NO_AUTO, info->no_auto); if (tweak_read_only) - SET_FLAG(new_flags, GPT_FLAG_READ_ONLY, info->read_only); + SET_FLAG(new_flags, SD_GPT_FLAG_READ_ONLY, info->read_only); if (tweak_growfs) - SET_FLAG(new_flags, GPT_FLAG_GROWFS, info->growfs); + SET_FLAG(new_flags, SD_GPT_FLAG_GROWFS, info->growfs); if (new_flags != old_flags) { r = fdisk_partition_set_attrs_as_uint64(pa, new_flags); diff --git a/src/test/test-loop-block.c b/src/test/test-loop-block.c index ee28ad4235..bba8ff91bf 100644 --- a/src/test/test-loop-block.c +++ b/src/test/test-loop-block.c @@ -111,7 +111,7 @@ static void* thread_func(void *ptr) { #endif static bool have_root_gpt_type(void) { -#ifdef GPT_ROOT_NATIVE +#ifdef SD_GPT_ROOT_NATIVE return true; #else return false; @@ -202,10 +202,10 @@ static int run(int argc, char *argv[]) { "size=32M, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F\n" "size=32M, type=", sfdisk); -#ifdef GPT_ROOT_NATIVE - fprintf(sfdisk, SD_ID128_UUID_FORMAT_STR, SD_ID128_FORMAT_VAL(GPT_ROOT_NATIVE)); +#ifdef SD_GPT_ROOT_NATIVE + fprintf(sfdisk, SD_ID128_UUID_FORMAT_STR, SD_ID128_FORMAT_VAL(SD_GPT_ROOT_NATIVE)); #else - fprintf(sfdisk, SD_ID128_UUID_FORMAT_STR, SD_ID128_FORMAT_VAL(GPT_ROOT_X86_64)); + fprintf(sfdisk, SD_ID128_UUID_FORMAT_STR, SD_ID128_FORMAT_VAL(SD_GPT_ROOT_X86_64)); #endif fputs("\n" diff --git a/src/udev/udev-builtin-blkid.c b/src/udev/udev-builtin-blkid.c index f992c8f4c5..435cac44ed 100644 --- a/src/udev/udev-builtin-blkid.c +++ b/src/udev/udev-builtin-blkid.c @@ -117,7 +117,7 @@ static void print_property(sd_device *dev, bool test, const char *name, const ch static int find_gpt_root(sd_device *dev, blkid_probe pr, bool test) { -#if defined(GPT_ROOT_NATIVE) && ENABLE_EFI +#if defined(SD_GPT_ROOT_NATIVE) && ENABLE_EFI _cleanup_free_ char *root_id = NULL, *root_label = NULL; bool found_esp = false; @@ -157,7 +157,7 @@ static int find_gpt_root(sd_device *dev, blkid_probe pr, bool test) { if (sd_id128_from_string(stype, &type) < 0) continue; - if (sd_id128_equal(type, GPT_ESP)) { + if (sd_id128_equal(type, SD_GPT_ESP)) { sd_id128_t id, esp; /* We found an ESP, let's see if it matches @@ -173,11 +173,11 @@ static int find_gpt_root(sd_device *dev, blkid_probe pr, bool test) { if (sd_id128_equal(id, esp)) found_esp = true; - } else if (sd_id128_equal(type, GPT_ROOT_NATIVE)) { + } else if (sd_id128_equal(type, SD_GPT_ROOT_NATIVE)) { unsigned long long flags; flags = blkid_partition_get_flags(pp); - if (flags & GPT_FLAG_NO_AUTO) + if (flags & SD_GPT_FLAG_NO_AUTO) continue; /* We found a suitable root partition, let's remember the first one, or the one with From 974fcc916c9b391d987fa723cd90c7320011e492 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 15 Sep 2022 17:57:24 +0200 Subject: [PATCH 4/9] tools/list-discoverable-partitions: make the script work again --- tools/list-discoverable-partitions.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tools/list-discoverable-partitions.py b/tools/list-discoverable-partitions.py index 37ccd27302..43d7ee9984 100644 --- a/tools/list-discoverable-partitions.py +++ b/tools/list-discoverable-partitions.py @@ -19,6 +19,7 @@ ARCHITECTURES = { 'LOONGARCH64': 'LoongArch 64-bit', 'MIPS_LE': '32-bit MIPS LittleEndian (mipsel)', 'MIPS64_LE': '64-bit MIPS LittleEndian (mips64el)', + 'PARISC': 'HPPA/PARISC', 'PPC': '32-bit PowerPC', 'PPC64': '64-bit PowerPC BigEndian', 'PPC64_LE': '64-bit PowerPC LittleEndian', @@ -54,7 +55,7 @@ DESCRIPTIONS = { 'ROOT': ( 'Any native, optionally in LUKS', 'On systems with matching architecture, the first partition with this type UUID on the disk ' - 'containing the active EFI ESP is automatically mounted to the root directory /. ' + 'containing the active EFI ESP is automatically mounted to the root directory `/`. ' 'If the partition is encrypted with LUKS or has dm-verity integrity data (see below), the ' 'device mapper file will be named `/dev/mapper/root`.'), 'USR': ( @@ -87,8 +88,8 @@ DESCRIPTIONS = { 'XBOOTLDR': ( 'Typically VFAT', 'The Extended Boot Loader Partition (XBOOTLDR) used for the current boot is automatically ' - 'mounted to /boot/, unless a different partition is mounted there (possibly via ' - '/etc/fstab) or the directory is non-empty on the root disk. This partition type ' + 'mounted to `/boot/`, unless a different partition is mounted there (possibly via ' + '`/etc/fstab`) or the directory is non-empty on the root disk. This partition type ' 'is defined by the [Boot Loader Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION).'), 'SWAP': ( 'Swap, optionally in LUKS', @@ -123,7 +124,7 @@ DESCRIPTIONS = { 'automatically mounted to `/var/tmp/`. If the partition is encrypted with LUKS, the ' 'device mapper file will be named `/dev/mapper/tmp`. Note that the intended mount point ' 'is indeed `/var/tmp/`, not `/tmp/`. The latter is typically maintained in memory via ' - 'tmpfs and does not require a partition on disk. In some cases it might be ' + '`tmpfs` and does not require a partition on disk. In some cases it might be ' 'desirable to make `/tmp/` persistent too, in which case it is recommended to make it ' 'a symlink or bind mount to `/var/tmp/`, thus not requiring its own partition type UUID.'), 'USER_HOME': ( @@ -134,22 +135,21 @@ DESCRIPTIONS = { 'Any native, optionally in LUKS', 'No automatic mounting takes place for other Linux data partitions. This partition type ' 'should be used for all partitions that carry Linux file systems. The installer needs ' - 'to mount them explicitly via entries in /etc/fstab. Optionally, these ' - 'partitions may be encrypted with LUKS. This partition type predates the Discoverable ' - 'Partitions Specification.'), + 'to mount them explicitly via entries in `/etc/fstab`. Optionally, these partitions may ' + 'be encrypted with LUKS. This partition type predates the Discoverable Partitions Specification.'), } def extract(file): for line in file: # print(line) - m = re.match(r'^#define\s+GPT_(.*SD_ID128_MAKE\(.*\))', line) + m = re.match(r'^#define\s+SD_GPT_(.*SD_ID128_MAKE\(.*\))', line) if not m: continue if m2 := re.match(r'^(ROOT|USR)_([A-Z0-9]+|X86_64|PPC64_LE|MIPS_LE|MIPS64_LE)(|_VERITY|_VERITY_SIG)\s+SD_ID128_MAKE\((.*)\)', m.group(1)): type, arch, suffix, u = m2.groups() u = uuid.UUID(u.replace(',', '')) - assert arch in ARCHITECTURES + assert arch in ARCHITECTURES, f'{arch} not in f{ARCHITECTURES}' type = f'{type}{suffix}' assert type in TYPES From 9a941ffefed1d0d125275983e5bc60f5bba3bb22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 15 Sep 2022 17:53:28 +0200 Subject: [PATCH 5/9] sd-gpt, docs: define s390 before s390x In all other cases we have the older variant before the newer. And since we generate some documentation tables from the header, this order is also visible for users. Let's restore the order. This commit does 4565246911adbdd1b20d8944c0754772788a768c in a slightly different fashion. --- docs/DISCOVERABLE_PARTITIONS.md | 10 +++++----- src/systemd/sd-gpt.h | 28 ++++++++++++++-------------- 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/DISCOVERABLE_PARTITIONS.md b/docs/DISCOVERABLE_PARTITIONS.md index 122cc06953..90cf43f094 100644 --- a/docs/DISCOVERABLE_PARTITIONS.md +++ b/docs/DISCOVERABLE_PARTITIONS.md @@ -93,8 +93,8 @@ boot loader communicates this information to the OS, by implementing the | _Root Verity Partition (32-bit PowerPC)_ | `98cfe649-1588-46dc-b2f0-add147424925` | ditto | ditto | | _Root Verity Partition (RISC-V 32-bit)_ | `ae0253be-1167-4007-ac68-43926c14c5de` | ditto | ditto | | _Root Verity Partition (RISC-V 64-bit)_ | `b6ed5582-440b-4209-b8da-5ff7c419ea3d` | ditto | ditto | -| _Root Verity Partition (s390x)_ | `b325bfbe-c7be-4ab8-8357-139e652d2f6b` | ditto | ditto | | _Root Verity Partition (s390)_ | `7ac63b47-b25c-463b-8df8-b4a94e6c90e1` | ditto | ditto | +| _Root Verity Partition (s390x)_ | `b325bfbe-c7be-4ab8-8357-139e652d2f6b` | ditto | ditto | | _Root Verity Partition (TILE-Gx)_ | `966061ec-28e4-4b2e-b4a5-1f0a825a1d84` | ditto | ditto | | _Root Verity Partition (amd64/x86_64)_ | `2c7357ed-ebd2-46d9-aec1-23d437ec2bf5` | ditto | ditto | | _Root Verity Partition (x86)_ | `d13c5d3b-b5d1-422a-b29f-9454fdc89d76` | ditto | ditto | @@ -112,8 +112,8 @@ boot loader communicates this information to the OS, by implementing the | _`/usr/` Verity Partition (32-bit PowerPC)_ | `df765d00-270e-49e5-bc75-f47bb2118b09` | ditto | ditto | | _`/usr/` Verity Partition (RISC-V 32-bit)_ | `cb1ee4e3-8cd0-4136-a0a4-aa61a32e8730` | ditto | ditto | | _`/usr/` Verity Partition (RISC-V 64-bit)_ | `8f1056be-9b05-47c4-81d6-be53128e5b54` | ditto | ditto | -| _`/usr/` Verity Partition (s390x)_ | `31741cc4-1a2a-4111-a581-e00b447d2d06` | ditto | ditto | | _`/usr/` Verity Partition (s390)_ | `b663c618-e7bc-4d6d-90aa-11b756bb1797` | ditto | ditto | +| _`/usr/` Verity Partition (s390x)_ | `31741cc4-1a2a-4111-a581-e00b447d2d06` | ditto | ditto | | _`/usr/` Verity Partition (TILE-Gx)_ | `2fb4bf56-07fa-42da-8132-6b139f2026ae` | ditto | ditto | | _`/usr/` Verity Partition (amd64/x86_64)_ | `77ff5f63-e7b6-4633-acf4-1565b864c0e6` | ditto | ditto | | _`/usr/` Verity Partition (x86)_ | `8f461b0d-14ee-4e81-9aa9-049b6fb97abd` | ditto | ditto | @@ -131,8 +131,8 @@ boot loader communicates this information to the OS, by implementing the | _Root Verity Signature Partition (32-bit PowerPC)_ | `1b31b5aa-add9-463a-b2ed-bd467fc857e7` | ditto | ditto | | _Root Verity Signature Partition (RISC-V 32-bit)_ | `3a112a75-8729-4380-b4cf-764d79934448` | ditto | ditto | | _Root Verity Signature Partition (RISC-V 64-bit)_ | `efe0f087-ea8d-4469-821a-4c2a96a8386a` | ditto | ditto | -| _Root Verity Signature Partition (s390x)_ | `c80187a5-73a3-491a-901a-017c3fa953e9` | ditto | ditto | | _Root Verity Signature Partition (s390)_ | `3482388e-4254-435a-a241-766a065f9960` | ditto | ditto | +| _Root Verity Signature Partition (s390x)_ | `c80187a5-73a3-491a-901a-017c3fa953e9` | ditto | ditto | | _Root Verity Signature Partition (TILE-Gx)_ | `b3671439-97b0-4a53-90f7-2d5a8f3ad47b` | ditto | ditto | | _Root Verity Signature Partition (amd64/x86_64)_ | `41092b05-9fc8-4523-994f-2def0408b176` | ditto | ditto | | _Root Verity Signature Partition (x86)_ | `5996fc05-109c-48de-808b-23fa0830b676` | ditto | ditto | @@ -142,16 +142,16 @@ boot loader communicates this information to the OS, by implementing the | _`/usr/` Verity Signature Partition (64-bit ARM/AArch64)_ | `c23ce4ff-44bd-4b00-b2d4-b41b3419e02a` | ditto | ditto | | _`/usr/` Verity Signature Partition (Itanium/IA-64)_ | `8de58bc2-2a43-460d-b14e-a76e4a17b47f` | ditto | ditto | | _`/usr/` Verity Signature Partition (LoongArch 64-bit)_ | `b024f315-d330-444c-8461-44bbde524e99` | ditto | ditto | -| _`/usr/` Verity Signature Partition (HPPA/PARISC)_ | `450dd7d1-3224-45ec-9cf2-a43a346d71ee` | ditto | ditto | | _`/usr/` Verity Signature Partition (32-bit MIPS LittleEndian (mipsel))_ | `3e23ca0b-a4bc-4b4e-8087-5ab6a26aa8a9` | ditto | ditto | | _`/usr/` Verity Signature Partition (64-bit MIPS LittleEndian (mips64el))_ | `f2c2c7ee-adcc-4351-b5c6-ee9816b66e16` | ditto | ditto | +| _`/usr/` Verity Signature Partition (HPPA/PARISC)_ | `450dd7d1-3224-45ec-9cf2-a43a346d71ee` | ditto | ditto | | _`/usr/` Verity Signature Partition (64-bit PowerPC LittleEndian)_ | `c8bfbd1e-268e-4521-8bba-bf314c399557` | ditto | ditto | | _`/usr/` Verity Signature Partition (64-bit PowerPC BigEndian)_ | `0b888863-d7f8-4d9e-9766-239fce4d58af` | ditto | ditto | | _`/usr/` Verity Signature Partition (32-bit PowerPC)_ | `7007891d-d371-4a80-86a4-5cb875b9302e` | ditto | ditto | | _`/usr/` Verity Signature Partition (RISC-V 32-bit)_ | `c3836a13-3137-45ba-b583-b16c50fe5eb4` | ditto | ditto | | _`/usr/` Verity Signature Partition (RISC-V 64-bit)_ | `d2f9000a-7a18-453f-b5cd-4d32f77a7b32` | ditto | ditto | -| _`/usr/` Verity Signature Partition (s390x)_ | `3f324816-667b-46ae-86ee-9b0c0c6c11b4` | ditto | ditto | | _`/usr/` Verity Signature Partition (s390)_ | `17440e4f-a8d0-467f-a46e-3912ae6ef2c5` | ditto | ditto | +| _`/usr/` Verity Signature Partition (s390x)_ | `3f324816-667b-46ae-86ee-9b0c0c6c11b4` | ditto | ditto | | _`/usr/` Verity Signature Partition (TILE-Gx)_ | `4ede75e2-6ccc-4cc8-b9c7-70334b087510` | ditto | ditto | | _`/usr/` Verity Signature Partition (amd64/x86_64)_ | `e7bb33fb-06cf-4e81-8273-e543b413e2e2` | ditto | ditto | | _`/usr/` Verity Signature Partition (x86)_ | `974a71c0-de41-43c3-be5d-5c5ccd1ad2c0` | ditto | ditto | diff --git a/src/systemd/sd-gpt.h b/src/systemd/sd-gpt.h index 3527897c27..e369a0f4b5 100644 --- a/src/systemd/sd-gpt.h +++ b/src/systemd/sd-gpt.h @@ -37,8 +37,8 @@ _SD_BEGIN_DECLARATIONS; #define SD_GPT_ROOT_PPC64_LE SD_ID128_MAKE(c3,1c,45,e6,3f,39,41,2e,80,fb,48,09,c4,98,05,99) #define SD_GPT_ROOT_RISCV32 SD_ID128_MAKE(60,d5,a7,fe,8e,7d,43,5c,b7,14,3d,d8,16,21,44,e1) #define SD_GPT_ROOT_RISCV64 SD_ID128_MAKE(72,ec,70,a6,cf,74,40,e6,bd,49,4b,da,08,e8,f2,24) -#define SD_GPT_ROOT_S390X SD_ID128_MAKE(5e,ea,d9,a9,fe,09,4a,1e,a1,d7,52,0d,00,53,13,06) #define SD_GPT_ROOT_S390 SD_ID128_MAKE(08,a7,ac,ea,62,4c,4a,20,91,e8,6e,0f,a6,7d,23,f9) +#define SD_GPT_ROOT_S390X SD_ID128_MAKE(5e,ea,d9,a9,fe,09,4a,1e,a1,d7,52,0d,00,53,13,06) #define SD_GPT_ROOT_TILEGX SD_ID128_MAKE(c5,0c,dd,70,38,62,4c,c3,90,e1,80,9a,8c,93,ee,2c) #define SD_GPT_ROOT_X86 SD_ID128_MAKE(44,47,95,40,f2,97,41,b2,9a,f7,d1,31,d5,f0,45,8a) #define SD_GPT_ROOT_X86_64 SD_ID128_MAKE(4f,68,bc,e3,e8,cd,4d,b1,96,e7,fb,ca,f9,84,b7,09) @@ -56,8 +56,8 @@ _SD_BEGIN_DECLARATIONS; #define SD_GPT_USR_PPC64_LE SD_ID128_MAKE(15,bb,03,af,77,e7,4d,4a,b1,2b,c0,d0,84,f7,49,1c) #define SD_GPT_USR_RISCV32 SD_ID128_MAKE(b9,33,fb,22,5c,3f,4f,91,af,90,e2,bb,0f,a5,07,02) #define SD_GPT_USR_RISCV64 SD_ID128_MAKE(be,ae,c3,4b,84,42,43,9b,a4,0b,98,43,81,ed,09,7d) -#define SD_GPT_USR_S390X SD_ID128_MAKE(8a,4f,57,70,50,aa,4e,d3,87,4a,99,b7,10,db,6f,ea) #define SD_GPT_USR_S390 SD_ID128_MAKE(cd,0f,86,9b,d0,fb,4c,a0,b1,41,9e,a8,7c,c7,8d,66) +#define SD_GPT_USR_S390X SD_ID128_MAKE(8a,4f,57,70,50,aa,4e,d3,87,4a,99,b7,10,db,6f,ea) #define SD_GPT_USR_TILEGX SD_ID128_MAKE(55,49,70,29,c7,c1,44,cc,aa,39,81,5e,d1,55,86,30) #define SD_GPT_USR_X86 SD_ID128_MAKE(75,25,0d,76,8c,c6,45,8e,bd,66,bd,47,cc,81,a8,12) #define SD_GPT_USR_X86_64 SD_ID128_MAKE(84,84,68,0c,95,21,48,c6,9c,11,b0,72,06,56,f6,9e) @@ -78,8 +78,8 @@ _SD_BEGIN_DECLARATIONS; #define SD_GPT_ROOT_PPC_VERITY SD_ID128_MAKE(98,cf,e6,49,15,88,46,dc,b2,f0,ad,d1,47,42,49,25) #define SD_GPT_ROOT_RISCV32_VERITY SD_ID128_MAKE(ae,02,53,be,11,67,40,07,ac,68,43,92,6c,14,c5,de) #define SD_GPT_ROOT_RISCV64_VERITY SD_ID128_MAKE(b6,ed,55,82,44,0b,42,09,b8,da,5f,f7,c4,19,ea,3d) -#define SD_GPT_ROOT_S390X_VERITY SD_ID128_MAKE(b3,25,bf,be,c7,be,4a,b8,83,57,13,9e,65,2d,2f,6b) #define SD_GPT_ROOT_S390_VERITY SD_ID128_MAKE(7a,c6,3b,47,b2,5c,46,3b,8d,f8,b4,a9,4e,6c,90,e1) +#define SD_GPT_ROOT_S390X_VERITY SD_ID128_MAKE(b3,25,bf,be,c7,be,4a,b8,83,57,13,9e,65,2d,2f,6b) #define SD_GPT_ROOT_TILEGX_VERITY SD_ID128_MAKE(96,60,61,ec,28,e4,4b,2e,b4,a5,1f,0a,82,5a,1d,84) #define SD_GPT_ROOT_X86_64_VERITY SD_ID128_MAKE(2c,73,57,ed,eb,d2,46,d9,ae,c1,23,d4,37,ec,2b,f5) #define SD_GPT_ROOT_X86_VERITY SD_ID128_MAKE(d1,3c,5d,3b,b5,d1,42,2a,b2,9f,94,54,fd,c8,9d,76) @@ -97,8 +97,8 @@ _SD_BEGIN_DECLARATIONS; #define SD_GPT_USR_PPC_VERITY SD_ID128_MAKE(df,76,5d,00,27,0e,49,e5,bc,75,f4,7b,b2,11,8b,09) #define SD_GPT_USR_RISCV32_VERITY SD_ID128_MAKE(cb,1e,e4,e3,8c,d0,41,36,a0,a4,aa,61,a3,2e,87,30) #define SD_GPT_USR_RISCV64_VERITY SD_ID128_MAKE(8f,10,56,be,9b,05,47,c4,81,d6,be,53,12,8e,5b,54) -#define SD_GPT_USR_S390X_VERITY SD_ID128_MAKE(31,74,1c,c4,1a,2a,41,11,a5,81,e0,0b,44,7d,2d,06) #define SD_GPT_USR_S390_VERITY SD_ID128_MAKE(b6,63,c6,18,e7,bc,4d,6d,90,aa,11,b7,56,bb,17,97) +#define SD_GPT_USR_S390X_VERITY SD_ID128_MAKE(31,74,1c,c4,1a,2a,41,11,a5,81,e0,0b,44,7d,2d,06) #define SD_GPT_USR_TILEGX_VERITY SD_ID128_MAKE(2f,b4,bf,56,07,fa,42,da,81,32,6b,13,9f,20,26,ae) #define SD_GPT_USR_X86_64_VERITY SD_ID128_MAKE(77,ff,5f,63,e7,b6,46,33,ac,f4,15,65,b8,64,c0,e6) #define SD_GPT_USR_X86_VERITY SD_ID128_MAKE(8f,46,1b,0d,14,ee,4e,81,9a,a9,04,9b,6f,b9,7a,bd) @@ -118,8 +118,8 @@ _SD_BEGIN_DECLARATIONS; #define SD_GPT_ROOT_PPC_VERITY_SIG SD_ID128_MAKE(1b,31,b5,aa,ad,d9,46,3a,b2,ed,bd,46,7f,c8,57,e7) #define SD_GPT_ROOT_RISCV32_VERITY_SIG SD_ID128_MAKE(3a,11,2a,75,87,29,43,80,b4,cf,76,4d,79,93,44,48) #define SD_GPT_ROOT_RISCV64_VERITY_SIG SD_ID128_MAKE(ef,e0,f0,87,ea,8d,44,69,82,1a,4c,2a,96,a8,38,6a) -#define SD_GPT_ROOT_S390X_VERITY_SIG SD_ID128_MAKE(c8,01,87,a5,73,a3,49,1a,90,1a,01,7c,3f,a9,53,e9) #define SD_GPT_ROOT_S390_VERITY_SIG SD_ID128_MAKE(34,82,38,8e,42,54,43,5a,a2,41,76,6a,06,5f,99,60) +#define SD_GPT_ROOT_S390X_VERITY_SIG SD_ID128_MAKE(c8,01,87,a5,73,a3,49,1a,90,1a,01,7c,3f,a9,53,e9) #define SD_GPT_ROOT_TILEGX_VERITY_SIG SD_ID128_MAKE(b3,67,14,39,97,b0,4a,53,90,f7,2d,5a,8f,3a,d4,7b) #define SD_GPT_ROOT_X86_64_VERITY_SIG SD_ID128_MAKE(41,09,2b,05,9f,c8,45,23,99,4f,2d,ef,04,08,b1,76) #define SD_GPT_ROOT_X86_VERITY_SIG SD_ID128_MAKE(59,96,fc,05,10,9c,48,de,80,8b,23,fa,08,30,b6,76) @@ -137,8 +137,8 @@ _SD_BEGIN_DECLARATIONS; #define SD_GPT_USR_PPC_VERITY_SIG SD_ID128_MAKE(70,07,89,1d,d3,71,4a,80,86,a4,5c,b8,75,b9,30,2e) #define SD_GPT_USR_RISCV32_VERITY_SIG SD_ID128_MAKE(c3,83,6a,13,31,37,45,ba,b5,83,b1,6c,50,fe,5e,b4) #define SD_GPT_USR_RISCV64_VERITY_SIG SD_ID128_MAKE(d2,f9,00,0a,7a,18,45,3f,b5,cd,4d,32,f7,7a,7b,32) -#define SD_GPT_USR_S390X_VERITY_SIG SD_ID128_MAKE(3f,32,48,16,66,7b,46,ae,86,ee,9b,0c,0c,6c,11,b4) #define SD_GPT_USR_S390_VERITY_SIG SD_ID128_MAKE(17,44,0e,4f,a8,d0,46,7f,a4,6e,39,12,ae,6e,f2,c5) +#define SD_GPT_USR_S390X_VERITY_SIG SD_ID128_MAKE(3f,32,48,16,66,7b,46,ae,86,ee,9b,0c,0c,6c,11,b4) #define SD_GPT_USR_TILEGX_VERITY_SIG SD_ID128_MAKE(4e,de,75,e2,6c,cc,4c,c8,b9,c7,70,33,4b,08,75,10) #define SD_GPT_USR_X86_64_VERITY_SIG SD_ID128_MAKE(e7,bb,33,fb,06,cf,4e,81,82,73,e5,43,b4,13,e2,e2) #define SD_GPT_USR_X86_VERITY_SIG SD_ID128_MAKE(97,4a,71,c0,de,41,43,c3,be,5d,5c,5c,cd,1a,d2,c0) @@ -253,6 +253,14 @@ _SD_BEGIN_DECLARATIONS; # define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_RISCV64_VERITY # define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_RISCV64_VERITY_SIG +#elif defined(__s390__) && !defined(__s390x__) +# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_S390 +# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_S390_VERITY +# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_S390_VERITY_SIG +# define SD_GPT_USR_NATIVE SD_GPT_USR_S390 +# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_S390_VERITY +# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_S390_VERITY_SIG + #elif defined(__s390x__) # define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_S390X # define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_S390X_VERITY @@ -261,14 +269,6 @@ _SD_BEGIN_DECLARATIONS; # define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_S390X_VERITY # define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_S390X_VERITY_SIG -#elif defined(__s390__) -# define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_S390 -# define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_S390_VERITY -# define SD_GPT_ROOT_NATIVE_VERITY_SIG SD_GPT_ROOT_S390_VERITY_SIG -# define SD_GPT_USR_NATIVE SD_GPT_USR_S390 -# define SD_GPT_USR_NATIVE_VERITY SD_GPT_USR_S390_VERITY -# define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_S390_VERITY_SIG - #elif defined(__tilegx__) # define SD_GPT_ROOT_NATIVE SD_GPT_ROOT_TILEGX # define SD_GPT_ROOT_NATIVE_VERITY SD_GPT_ROOT_TILEGX_VERITY From c6a173ef3b635a2beb2855cb84318e12c5bba9ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 17 Sep 2022 12:02:53 +0200 Subject: [PATCH 6/9] man/systemd-gpt-auto-generator: export type flags by name, trim table We listed many of the root-partition type uuids, but not all. I think the chances of somebody using the discoverable partition magic on an Itanium system are fairly low at this point. So let's remove all architectures except the two most popular consumer architectures. People building Longsoon or RISC-V images are likely to have the online version of the Discoverable Partitions Specifications handy anyway, and it makes the man page easier to read. It also reduces the chances that somebody adding new entries to the table has some select&paste mishap. We've already had this happen in the past and it's fairly nasty bug. We don't need to expose the information in two places with manual propagation between them. --- man/systemd-gpt-auto-generator.xml | 75 +++++++++--------------------- 1 file changed, 21 insertions(+), 54 deletions(-) diff --git a/man/systemd-gpt-auto-generator.xml b/man/systemd-gpt-auto-generator.xml index 1c846a0212..efdecb47a9 100644 --- a/man/systemd-gpt-auto-generator.xml +++ b/man/systemd-gpt-auto-generator.xml @@ -80,91 +80,63 @@ - 44479540-f297-41b2-9af7-d131d5f0458a - Root Partition (x86) - / - On 32-bit x86 systems, the first x86 root partition on the disk the EFI ESP is located on is mounted to the root directory /. - - - 4f68bce3-e8cd-4db1-96e7-fbcaf984b709 + SD_GPT_ROOT_X86_64 4f68bce3-e8cd-4db1-96e7-fbcaf984b709 Root Partition (x86-64) / On 64-bit x86 systems, the first x86-64 root partition on the disk the EFI ESP is located on is mounted to the root directory /. - 69dad710-2ce4-4e3c-b16c-21a1d49abed3 - Root Partition (32-bit ARM) - / - On 32-bit ARM systems, the first ARM root partition on the disk the EFI ESP is located on is mounted to the root directory /. - - - b921b045-1df0-41c3-af44-4c6f280d3fae + SD_GPT_ROOT_ARM64 b921b045-1df0-41c3-af44-4c6f280d3fae Root Partition (64-bit ARM) / On 64-bit ARM systems, the first ARM root partition on the disk the EFI ESP is located on is mounted to the root directory /. - 993d8d3d-f80e-4225-855a-9daf8ed7ea97 - Root Partition (Itanium/IA-64) + + SD_GPT_ROOT_ALPHA SD_GPT_ROOT_ARC SD_GPT_ROOT_ARM SD_GPT_ROOT_ARM64 SD_GPT_ROOT_IA64 SD_GPT_ROOT_LOONGARCH64 SD_GPT_ROOT_MIPS_LE SD_GPT_ROOT_MIPS64_LE SD_GPT_ROOT_PARISC SD_GPT_ROOT_PPC SD_GPT_ROOT_PPC64 SD_GPT_ROOT_PPC64_LE SD_GPT_ROOT_RISCV32 SD_GPT_ROOT_RISCV64 SD_GPT_ROOT_S390 SD_GPT_ROOT_S390X SD_GPT_ROOT_TILEGX SD_GPT_ROOT_X86 SD_GPT_ROOT_X86_64 SD_GPT_USR_ALPHA SD_GPT_USR_ARC SD_GPT_USR_ARM SD_GPT_USR_IA64 SD_GPT_USR_LOONGARCH64 SD_GPT_USR_MIPS_LE SD_GPT_USR_MIPS64_LE SD_GPT_USR_PARISC SD_GPT_USR_PPC SD_GPT_USR_PPC64 SD_GPT_USR_PPC64_LE SD_GPT_USR_RISCV32 SD_GPT_USR_RISCV64 SD_GPT_USR_S390 SD_GPT_USR_S390X SD_GPT_USR_TILEGX SD_GPT_USR_X86 + + root partitions for other architectures / - On Itanium systems, the first Itanium root partition on the disk the EFI ESP is located on is mounted to the root directory /. + For the full list, see Discoverable Partitions Specification. - 77055800-792c-4f94-b39a-98c91b762bb6 - Root Partition (LoongArch 64) - / - On LoongArch 64-bit systems, the first LoongArch 64-bit root partition on the disk the EFI ESP is located on is mounted to the root directory /. - - - 60d5a7fe-8e7d-435c-b714-3dd8162144e1 - Root Partition (RISCV-V 32) - / - On RISC-V 32-bit systems, the first RISCV-V 32-bit root partition on the disk the EFI ESP is located on is mounted to the root directory /. - - - 72ec70a6-cf74-40e6-bd49-4bda08e8f224 - Root Partition (RISCV-V 64) - / - On RISC-V 64-bit systems, the first RISCV-V 64-bit root partition on the disk the EFI ESP is located on is mounted to the root directory /. - - - 933ac7e1-2eb4-4f13-b844-0e14e2aef915 + SD_GPT_HOME 933ac7e1-2eb4-4f13-b844-0e14e2aef915 Home Partition /home/ The first home partition on the disk the root partition is located on is mounted to /home/. - 3b8f8425-20e0-4f3b-907f-1a25a76f98e8 + SD_GPT_SRV 3b8f8425-20e0-4f3b-907f-1a25a76f98e8 Server Data Partition /srv/ The first server data partition on the disk the root partition is located on is mounted to /srv/. - 4d21b016-b534-45c2-a9fb-5c16e091fd2d + SD_GPT_VAR 4d21b016-b534-45c2-a9fb-5c16e091fd2d Variable Data Partition /var/ The first variable data partition on the disk the root partition is located on is mounted to /var/ — under the condition its partition UUID matches the first 128 bit of the HMAC-SHA256 of the GPT type uuid of this partition keyed by the machine ID of the installation stored in machine-id5. - 7ec6f557-3bc5-4aca-b293-16ef5df639d1 + SD_GPT_TMP 7ec6f557-3bc5-4aca-b293-16ef5df639d1 Temporary Data Partition /var/tmp/ The first temporary data partition on the disk the root partition is located on is mounted to /var/tmp/. - 0657fd6d-a4ab-43c4-84e5-0933c84b4f4f + SD_GPT_SWAP 0657fd6d-a4ab-43c4-84e5-0933c84b4f4f Swap n/a All swap partitions located on the disk the root partition is located on are enabled. - c12a7328-f81f-11d2-ba4b-00a0c93ec93b + SD_GPT_ESP c12a7328-f81f-11d2-ba4b-00a0c93ec93b EFI System Partition (ESP) /efi/ or /boot/ The first ESP located on the disk the root partition is located on is mounted to /boot/ or /efi/, see below. - bc13c2ff-59e6-4262-a352-b275fd6f7172 + SD_GPT_XBOOTLDR bc13c2ff-59e6-4262-a352-b275fd6f7172 Extended Boot Loader Partition /boot/ The first Extended Boot Loader Partition is mounted to /boot/, see below. @@ -176,38 +148,33 @@ This generator understands the following attribute flags for partitions: - Partition Attributes - - - + Partition Attribute Flags + + - Name - Value + Flag Applicable to Explanation - SD_GPT_FLAG_READ_ONLY - 0x1000000000000000 + SD_GPT_FLAG_READ_ONLY 0x1000000000000000 /, /home/, /srv/, /var/, /var/tmp/, Extended Boot Loader Partition Partition is mounted read-only - SD_GPT_FLAG_NO_AUTO - 0x8000000000000000 + SD_GPT_FLAG_NO_AUTO 0x8000000000000000 /, /home/, /srv/, /var/, /var/tmp/, Extended Boot Loader Partition Partition is not mounted automatically - SD_GPT_FLAG_NO_BLOCK_IO_PROTOCOL - 0x0000000000000002 + SD_GPT_FLAG_NO_BLOCK_IO_PROTOCOL 0x0000000000000002 EFI System Partition (ESP) Partition is not mounted automatically From 6d88188249e254b28db15643803b6ec552c9d393 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 17 Sep 2022 12:19:31 +0200 Subject: [PATCH 7/9] man/systemd-gpt-auto-generator: reword phrasing about partition location MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit "located on the same disk as the ESP is located on" is hard to grok. Let's use more natural phrasing. Also, we shouldn't say that "The first foo partition … is mounted to …", because this doesn't explain what is happening. The partition could be empty, and there could be other partitions with the "foo" content, but what matters is the UUID. --- man/systemd-gpt-auto-generator.xml | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/man/systemd-gpt-auto-generator.xml b/man/systemd-gpt-auto-generator.xml index efdecb47a9..8ad249ec5d 100644 --- a/man/systemd-gpt-auto-generator.xml +++ b/man/systemd-gpt-auto-generator.xml @@ -42,8 +42,8 @@ units this generator creates are overridden, but additional implicit dependencies might be created. - This generator will only look for the root partition on the same physical disk the EFI System - Partition (ESP) is located on. Note that support from the boot loader is required: the EFI variable + This generator will only look for the root partition on the same physical disk where the EFI System + Partition (ESP) is located. Note that support from the boot loader is required: the EFI variable LoaderDevicePartUUID of the 4a67b082-0a4c-41cf-b6c7-440b29bb8c4f vendor UUID is used to determine from which partition, and hence the disk from which the system was booted. If the boot loader does not set this variable, this generator will not be able to autodetect the @@ -83,13 +83,13 @@ SD_GPT_ROOT_X86_64 4f68bce3-e8cd-4db1-96e7-fbcaf984b709 Root Partition (x86-64) / - On 64-bit x86 systems, the first x86-64 root partition on the disk the EFI ESP is located on is mounted to the root directory /. + The first partition with this type UUID, located on the same disk as the ESP, is used as the root file system / on AMD64 / 64-bit x86 systems. SD_GPT_ROOT_ARM64 b921b045-1df0-41c3-af44-4c6f280d3fae Root Partition (64-bit ARM) / - On 64-bit ARM systems, the first ARM root partition on the disk the EFI ESP is located on is mounted to the root directory /. + The first partition with this type UUID, located on the same disk as the ESP, is used as the root file system / on AArch64 / 64-bit ARM systems. @@ -97,49 +97,49 @@ root partitions for other architectures / - For the full list, see Discoverable Partitions Specification. + The first partition with the type UUID matching the architecture, located on the same disk as the ESP, is used as the root file system /. For the full list and constant values, see Discoverable Partitions Specification. SD_GPT_HOME 933ac7e1-2eb4-4f13-b844-0e14e2aef915 Home Partition /home/ - The first home partition on the disk the root partition is located on is mounted to /home/. + The first partition with this type UUID on the same disk as the ESP is mounted to /home/. SD_GPT_SRV 3b8f8425-20e0-4f3b-907f-1a25a76f98e8 Server Data Partition /srv/ - The first server data partition on the disk the root partition is located on is mounted to /srv/. + The first partition with this type UUID on the same disk as the ESP is mounted to /srv/. SD_GPT_VAR 4d21b016-b534-45c2-a9fb-5c16e091fd2d Variable Data Partition /var/ - The first variable data partition on the disk the root partition is located on is mounted to /var/ — under the condition its partition UUID matches the first 128 bit of the HMAC-SHA256 of the GPT type uuid of this partition keyed by the machine ID of the installation stored in machine-id5. + The first partition with this type UUID on the same disk as the ESP is mounted to /var/ — under the condition its partition UUID matches the first 128 bit of the HMAC-SHA256 of the GPT type uuid of this partition keyed by the machine ID of the installation stored in machine-id5. SD_GPT_TMP 7ec6f557-3bc5-4aca-b293-16ef5df639d1 Temporary Data Partition /var/tmp/ - The first temporary data partition on the disk the root partition is located on is mounted to /var/tmp/. + The first partition with this type UUID on the same disk as the ESP is mounted to /var/tmp/. SD_GPT_SWAP 0657fd6d-a4ab-43c4-84e5-0933c84b4f4f Swap n/a - All swap partitions located on the disk the root partition is located on are enabled. + All partitions with this type UUID on the same disk as the ESP are used as swap. SD_GPT_ESP c12a7328-f81f-11d2-ba4b-00a0c93ec93b EFI System Partition (ESP) /efi/ or /boot/ - The first ESP located on the disk the root partition is located on is mounted to /boot/ or /efi/, see below. + The first partition with this type UUID located on the same disk as the root partition is mounted to /boot/ or /efi/, see below. SD_GPT_XBOOTLDR bc13c2ff-59e6-4262-a352-b275fd6f7172 Extended Boot Loader Partition /boot/ - The first Extended Boot Loader Partition is mounted to /boot/, see below. + The first partition with this type UUID located on the same disk as the root partition is mounted to /boot/, see below. From da7dfd8ef5bc055a9e723807c38de4b3c407387d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sat, 17 Sep 2022 13:01:11 +0200 Subject: [PATCH 8/9] docs/DPS: use the SD_GPT_* constants here too --- TODO | 1 - docs/DISCOVERABLE_PARTITIONS.md | 292 +++++++++++++------------- tools/list-discoverable-partitions.py | 9 +- 3 files changed, 151 insertions(+), 151 deletions(-) diff --git a/TODO b/TODO index d5380a96f7..2a9a700568 100644 --- a/TODO +++ b/TODO @@ -1898,7 +1898,6 @@ Features: - in particular an example how to do the equivalent of switching runlevels - man: maybe sort directives in man pages, and take sections from --help and apply them to man too - document root=gpt-auto properly - - SD_GPT_FLAG_GROWFS is not documented at all. SD_GPT_FLAG_* should be documented in Discoverable Partitions. * systemctl: - add systemctl switch to dump transaction without executing it diff --git a/docs/DISCOVERABLE_PARTITIONS.md b/docs/DISCOVERABLE_PARTITIONS.md index 90cf43f094..936eb14065 100644 --- a/docs/DISCOVERABLE_PARTITIONS.md +++ b/docs/DISCOVERABLE_PARTITIONS.md @@ -41,129 +41,129 @@ boot loader communicates this information to the OS, by implementing the | Name | Partition Type UUID | Allowed File Systems | Explanation | |------|---------------------|----------------------|-------------| -| _Root Partition (Alpha)_ | `6523f8ae-3eb1-4e2a-a05a-18b695ae656f` | Any native, optionally in LUKS | On systems with matching architecture, the first partition with this type UUID on the disk containing the active EFI ESP is automatically mounted to the root directory `/`. If the partition is encrypted with LUKS or has dm-verity integrity data (see below), the device mapper file will be named `/dev/mapper/root`. | -| _Root Partition (ARC)_ | `d27f46ed-2919-4cb8-bd25-9531f3c16534` | ditto | ditto | -| _Root Partition (32-bit ARM)_ | `69dad710-2ce4-4e3c-b16c-21a1d49abed3` | ditto | ditto | -| _Root Partition (64-bit ARM/AArch64)_ | `b921b045-1df0-41c3-af44-4c6f280d3fae` | ditto | ditto | -| _Root Partition (Itanium/IA-64)_ | `993d8d3d-f80e-4225-855a-9daf8ed7ea97` | ditto | ditto | -| _Root Partition (LoongArch 64-bit)_ | `77055800-792c-4f94-b39a-98c91b762bb6` | ditto | ditto | -| _Root Partition (32-bit MIPS LittleEndian (mipsel))_ | `37c58c8a-d913-4156-a25f-48b1b64e07f0` | ditto | ditto | -| _Root Partition (64-bit MIPS LittleEndian (mips64el))_ | `700bda43-7a34-4507-b179-eeb93d7a7ca3` | ditto | ditto | -| _Root Partition (HPPA/PARISC)_ | `1aacdb3b-5444-4138-bd9e-e5c2239b2346` | ditto | ditto | -| _Root Partition (32-bit PowerPC)_ | `1de3f1ef-fa98-47b5-8dcd-4a860a654d78` | ditto | ditto | -| _Root Partition (64-bit PowerPC BigEndian)_ | `912ade1d-a839-4913-8964-a10eee08fbd2` | ditto | ditto | -| _Root Partition (64-bit PowerPC LittleEndian)_ | `c31c45e6-3f39-412e-80fb-4809c4980599` | ditto | ditto | -| _Root Partition (RISC-V 32-bit)_ | `60d5a7fe-8e7d-435c-b714-3dd8162144e1` | ditto | ditto | -| _Root Partition (RISC-V 64-bit)_ | `72ec70a6-cf74-40e6-bd49-4bda08e8f224` | ditto | ditto | -| _Root Partition (s390)_ | `08a7acea-624c-4a20-91e8-6e0fa67d23f9` | ditto | ditto | -| _Root Partition (s390x)_ | `5eead9a9-fe09-4a1e-a1d7-520d00531306` | ditto | ditto | -| _Root Partition (TILE-Gx)_ | `c50cdd70-3862-4cc3-90e1-809a8c93ee2c` | ditto | ditto | -| _Root Partition (x86)_ | `44479540-f297-41b2-9af7-d131d5f0458a` | ditto | ditto | -| _Root Partition (amd64/x86_64)_ | `4f68bce3-e8cd-4db1-96e7-fbcaf984b709` | ditto | ditto | -| _`/usr/` Partition (Alpha)_ | `e18cf08c-33ec-4c0d-8246-c6c6fb3da024` | Any native, optionally in LUKS | Similar semantics to root partition, but just the `/usr/` partition. | -| _`/usr/` Partition (ARC)_ | `7978a683-6316-4922-bbee-38bff5a2fecc` | ditto | ditto | -| _`/usr/` Partition (32-bit ARM)_ | `7d0359a3-02b3-4f0a-865c-654403e70625` | ditto | ditto | -| _`/usr/` Partition (64-bit ARM/AArch64)_ | `b0e01050-ee5f-4390-949a-9101b17104e9` | ditto | ditto | -| _`/usr/` Partition (Itanium/IA-64)_ | `4301d2a6-4e3b-4b2a-bb94-9e0b2c4225ea` | ditto | ditto | -| _`/usr/` Partition (LoongArch 64-bit)_ | `e611c702-575c-4cbe-9a46-434fa0bf7e3f` | ditto | ditto | -| _`/usr/` Partition (32-bit MIPS LittleEndian (mipsel))_ | `0f4868e9-9952-4706-979f-3ed3a473e947` | ditto | ditto | -| _`/usr/` Partition (64-bit MIPS LittleEndian (mips64el))_ | `c97c1f32-ba06-40b4-9f22-236061b08aa8` | ditto | ditto | -| _`/usr/` Partition (HPPA/PARISC)_ | `dc4a4480-6917-4262-a4ec-db9384949f25` | ditto | ditto | -| _`/usr/` Partition (32-bit PowerPC)_ | `7d14fec5-cc71-415d-9d6c-06bf0b3c3eaf` | ditto | ditto | -| _`/usr/` Partition (64-bit PowerPC BigEndian)_ | `2c9739e2-f068-46b3-9fd0-01c5a9afbcca` | ditto | ditto | -| _`/usr/` Partition (64-bit PowerPC LittleEndian)_ | `15bb03af-77e7-4d4a-b12b-c0d084f7491c` | ditto | ditto | -| _`/usr/` Partition (RISC-V 32-bit)_ | `b933fb22-5c3f-4f91-af90-e2bb0fa50702` | ditto | ditto | -| _`/usr/` Partition (RISC-V 64-bit)_ | `beaec34b-8442-439b-a40b-984381ed097d` | ditto | ditto | -| _`/usr/` Partition (s390)_ | `cd0f869b-d0fb-4ca0-b141-9ea87cc78d66` | ditto | ditto | -| _`/usr/` Partition (s390x)_ | `8a4f5770-50aa-4ed3-874a-99b710db6fea` | ditto | ditto | -| _`/usr/` Partition (TILE-Gx)_ | `55497029-c7c1-44cc-aa39-815ed1558630` | ditto | ditto | -| _`/usr/` Partition (x86)_ | `75250d76-8cc6-458e-bd66-bd47cc81a812` | ditto | ditto | -| _`/usr/` Partition (amd64/x86_64)_ | `8484680c-9521-48c6-9c11-b0720656f69e` | ditto | ditto | -| _Root Verity Partition (Alpha)_ | `fc56d9e9-e6e5-4c06-be32-e74407ce09a5` | A dm-verity superblock followed by hash data | Contains dm-verity integrity hash data for the matching root partition. If this feature is used the partition UUID of the root partition should be the first 128 bits of the root hash of the dm-verity hash data, and the partition UUID of this dm-verity partition should be the final 128 bits of it, so that the root partition and its Verity partition can be discovered easily, simply by specifying the root hash. | -| _Root Verity Partition (ARC)_ | `24b2d975-0f97-4521-afa1-cd531e421b8d` | ditto | ditto | -| _Root Verity Partition (32-bit ARM)_ | `7386cdf2-203c-47a9-a498-f2ecce45a2d6` | ditto | ditto | -| _Root Verity Partition (64-bit ARM/AArch64)_ | `df3300ce-d69f-4c92-978c-9bfb0f38d820` | ditto | ditto | -| _Root Verity Partition (Itanium/IA-64)_ | `86ed10d5-b607-45bb-8957-d350f23d0571` | ditto | ditto | -| _Root Verity Partition (LoongArch 64-bit)_ | `f3393b22-e9af-4613-a948-9d3bfbd0c535` | ditto | ditto | -| _Root Verity Partition (32-bit MIPS LittleEndian (mipsel))_ | `d7d150d2-2a04-4a33-8f12-16651205ff7b` | ditto | ditto | -| _Root Verity Partition (64-bit MIPS LittleEndian (mips64el))_ | `16b417f8-3e06-4f57-8dd2-9b5232f41aa6` | ditto | ditto | -| _Root Verity Partition (HPPA/PARISC)_ | `d212a430-fbc5-49f9-a983-a7feef2b8d0e` | ditto | ditto | -| _Root Verity Partition (64-bit PowerPC LittleEndian)_ | `906bd944-4589-4aae-a4e4-dd983917446a` | ditto | ditto | -| _Root Verity Partition (64-bit PowerPC BigEndian)_ | `9225a9a3-3c19-4d89-b4f6-eeff88f17631` | ditto | ditto | -| _Root Verity Partition (32-bit PowerPC)_ | `98cfe649-1588-46dc-b2f0-add147424925` | ditto | ditto | -| _Root Verity Partition (RISC-V 32-bit)_ | `ae0253be-1167-4007-ac68-43926c14c5de` | ditto | ditto | -| _Root Verity Partition (RISC-V 64-bit)_ | `b6ed5582-440b-4209-b8da-5ff7c419ea3d` | ditto | ditto | -| _Root Verity Partition (s390)_ | `7ac63b47-b25c-463b-8df8-b4a94e6c90e1` | ditto | ditto | -| _Root Verity Partition (s390x)_ | `b325bfbe-c7be-4ab8-8357-139e652d2f6b` | ditto | ditto | -| _Root Verity Partition (TILE-Gx)_ | `966061ec-28e4-4b2e-b4a5-1f0a825a1d84` | ditto | ditto | -| _Root Verity Partition (amd64/x86_64)_ | `2c7357ed-ebd2-46d9-aec1-23d437ec2bf5` | ditto | ditto | -| _Root Verity Partition (x86)_ | `d13c5d3b-b5d1-422a-b29f-9454fdc89d76` | ditto | ditto | -| _`/usr/` Verity Partition (Alpha)_ | `8cce0d25-c0d0-4a44-bd87-46331bf1df67` | A dm-verity superblock followed by hash data | Similar semantics to root Verity partition, but just for the `/usr/` partition. | -| _`/usr/` Verity Partition (ARC)_ | `fca0598c-d880-4591-8c16-4eda05c7347c` | ditto | ditto | -| _`/usr/` Verity Partition (32-bit ARM)_ | `c215d751-7bcd-4649-be90-6627490a4c05` | ditto | ditto | -| _`/usr/` Verity Partition (64-bit ARM/AArch64)_ | `6e11a4e7-fbca-4ded-b9e9-e1a512bb664e` | ditto | ditto | -| _`/usr/` Verity Partition (Itanium/IA-64)_ | `6a491e03-3be7-4545-8e38-83320e0ea880` | ditto | ditto | -| _`/usr/` Verity Partition (LoongArch 64-bit)_ | `f46b2c26-59ae-48f0-9106-c50ed47f673d` | ditto | ditto | -| _`/usr/` Verity Partition (32-bit MIPS LittleEndian (mipsel))_ | `46b98d8d-b55c-4e8f-aab3-37fca7f80752` | ditto | ditto | -| _`/usr/` Verity Partition (64-bit MIPS LittleEndian (mips64el))_ | `3c3d61fe-b5f3-414d-bb71-8739a694a4ef` | ditto | ditto | -| _`/usr/` Verity Partition (HPPA/PARISC)_ | `5843d618-ec37-48d7-9f12-cea8e08768b2` | ditto | ditto | -| _`/usr/` Verity Partition (64-bit PowerPC LittleEndian)_ | `ee2b9983-21e8-4153-86d9-b6901a54d1ce` | ditto | ditto | -| _`/usr/` Verity Partition (64-bit PowerPC BigEndian)_ | `bdb528a5-a259-475f-a87d-da53fa736a07` | ditto | ditto | -| _`/usr/` Verity Partition (32-bit PowerPC)_ | `df765d00-270e-49e5-bc75-f47bb2118b09` | ditto | ditto | -| _`/usr/` Verity Partition (RISC-V 32-bit)_ | `cb1ee4e3-8cd0-4136-a0a4-aa61a32e8730` | ditto | ditto | -| _`/usr/` Verity Partition (RISC-V 64-bit)_ | `8f1056be-9b05-47c4-81d6-be53128e5b54` | ditto | ditto | -| _`/usr/` Verity Partition (s390)_ | `b663c618-e7bc-4d6d-90aa-11b756bb1797` | ditto | ditto | -| _`/usr/` Verity Partition (s390x)_ | `31741cc4-1a2a-4111-a581-e00b447d2d06` | ditto | ditto | -| _`/usr/` Verity Partition (TILE-Gx)_ | `2fb4bf56-07fa-42da-8132-6b139f2026ae` | ditto | ditto | -| _`/usr/` Verity Partition (amd64/x86_64)_ | `77ff5f63-e7b6-4633-acf4-1565b864c0e6` | ditto | ditto | -| _`/usr/` Verity Partition (x86)_ | `8f461b0d-14ee-4e81-9aa9-049b6fb97abd` | ditto | ditto | -| _Root Verity Signature Partition (Alpha)_ | `d46495b7-a053-414f-80f7-700c99921ef8` | A serialized JSON object, see below | Contains a root hash and a PKCS#7 signature for it, permitting signed dm-verity GPT images. | -| _Root Verity Signature Partition (ARC)_ | `143a70ba-cbd3-4f06-919f-6c05683a78bc` | ditto | ditto | -| _Root Verity Signature Partition (32-bit ARM)_ | `42b0455f-eb11-491d-98d3-56145ba9d037` | ditto | ditto | -| _Root Verity Signature Partition (64-bit ARM/AArch64)_ | `6db69de6-29f4-4758-a7a5-962190f00ce3` | ditto | ditto | -| _Root Verity Signature Partition (Itanium/IA-64)_ | `e98b36ee-32ba-4882-9b12-0ce14655f46a` | ditto | ditto | -| _Root Verity Signature Partition (LoongArch 64-bit)_ | `5afb67eb-ecc8-4f85-ae8e-ac1e7c50e7d0` | ditto | ditto | -| _Root Verity Signature Partition (32-bit MIPS LittleEndian (mipsel))_ | `c919cc1f-4456-4eff-918c-f75e94525ca5` | ditto | ditto | -| _Root Verity Signature Partition (64-bit MIPS LittleEndian (mips64el))_ | `904e58ef-5c65-4a31-9c57-6af5fc7c5de7` | ditto | ditto | -| _Root Verity Signature Partition (HPPA/PARISC)_ | `15de6170-65d3-431c-916e-b0dcd8393f25` | ditto | ditto | -| _Root Verity Signature Partition (64-bit PowerPC LittleEndian)_ | `d4a236e7-e873-4c07-bf1d-bf6cf7f1c3c6` | ditto | ditto | -| _Root Verity Signature Partition (64-bit PowerPC BigEndian)_ | `f5e2c20c-45b2-4ffa-bce9-2a60737e1aaf` | ditto | ditto | -| _Root Verity Signature Partition (32-bit PowerPC)_ | `1b31b5aa-add9-463a-b2ed-bd467fc857e7` | ditto | ditto | -| _Root Verity Signature Partition (RISC-V 32-bit)_ | `3a112a75-8729-4380-b4cf-764d79934448` | ditto | ditto | -| _Root Verity Signature Partition (RISC-V 64-bit)_ | `efe0f087-ea8d-4469-821a-4c2a96a8386a` | ditto | ditto | -| _Root Verity Signature Partition (s390)_ | `3482388e-4254-435a-a241-766a065f9960` | ditto | ditto | -| _Root Verity Signature Partition (s390x)_ | `c80187a5-73a3-491a-901a-017c3fa953e9` | ditto | ditto | -| _Root Verity Signature Partition (TILE-Gx)_ | `b3671439-97b0-4a53-90f7-2d5a8f3ad47b` | ditto | ditto | -| _Root Verity Signature Partition (amd64/x86_64)_ | `41092b05-9fc8-4523-994f-2def0408b176` | ditto | ditto | -| _Root Verity Signature Partition (x86)_ | `5996fc05-109c-48de-808b-23fa0830b676` | ditto | ditto | -| _`/usr/` Verity Signature Partition (Alpha)_ | `5c6e1c76-076a-457a-a0fe-f3b4cd21ce6e` | A serialized JSON object, see below | Similar semantics to root Verity signature partition, but just for the `/usr/` partition. | -| _`/usr/` Verity Signature Partition (ARC)_ | `94f9a9a1-9971-427a-a400-50cb297f0f35` | ditto | ditto | -| _`/usr/` Verity Signature Partition (32-bit ARM)_ | `d7ff812f-37d1-4902-a810-d76ba57b975a` | ditto | ditto | -| _`/usr/` Verity Signature Partition (64-bit ARM/AArch64)_ | `c23ce4ff-44bd-4b00-b2d4-b41b3419e02a` | ditto | ditto | -| _`/usr/` Verity Signature Partition (Itanium/IA-64)_ | `8de58bc2-2a43-460d-b14e-a76e4a17b47f` | ditto | ditto | -| _`/usr/` Verity Signature Partition (LoongArch 64-bit)_ | `b024f315-d330-444c-8461-44bbde524e99` | ditto | ditto | -| _`/usr/` Verity Signature Partition (32-bit MIPS LittleEndian (mipsel))_ | `3e23ca0b-a4bc-4b4e-8087-5ab6a26aa8a9` | ditto | ditto | -| _`/usr/` Verity Signature Partition (64-bit MIPS LittleEndian (mips64el))_ | `f2c2c7ee-adcc-4351-b5c6-ee9816b66e16` | ditto | ditto | -| _`/usr/` Verity Signature Partition (HPPA/PARISC)_ | `450dd7d1-3224-45ec-9cf2-a43a346d71ee` | ditto | ditto | -| _`/usr/` Verity Signature Partition (64-bit PowerPC LittleEndian)_ | `c8bfbd1e-268e-4521-8bba-bf314c399557` | ditto | ditto | -| _`/usr/` Verity Signature Partition (64-bit PowerPC BigEndian)_ | `0b888863-d7f8-4d9e-9766-239fce4d58af` | ditto | ditto | -| _`/usr/` Verity Signature Partition (32-bit PowerPC)_ | `7007891d-d371-4a80-86a4-5cb875b9302e` | ditto | ditto | -| _`/usr/` Verity Signature Partition (RISC-V 32-bit)_ | `c3836a13-3137-45ba-b583-b16c50fe5eb4` | ditto | ditto | -| _`/usr/` Verity Signature Partition (RISC-V 64-bit)_ | `d2f9000a-7a18-453f-b5cd-4d32f77a7b32` | ditto | ditto | -| _`/usr/` Verity Signature Partition (s390)_ | `17440e4f-a8d0-467f-a46e-3912ae6ef2c5` | ditto | ditto | -| _`/usr/` Verity Signature Partition (s390x)_ | `3f324816-667b-46ae-86ee-9b0c0c6c11b4` | ditto | ditto | -| _`/usr/` Verity Signature Partition (TILE-Gx)_ | `4ede75e2-6ccc-4cc8-b9c7-70334b087510` | ditto | ditto | -| _`/usr/` Verity Signature Partition (amd64/x86_64)_ | `e7bb33fb-06cf-4e81-8273-e543b413e2e2` | ditto | ditto | -| _`/usr/` Verity Signature Partition (x86)_ | `974a71c0-de41-43c3-be5d-5c5ccd1ad2c0` | ditto | ditto | -| _EFI System Partition_ | `c12a7328-f81f-11d2-ba4b-00a0c93ec93b` | VFAT | The ESP used for the current boot is automatically mounted to `/efi/` (or `/boot/` as fallback), unless a different partition is mounted there (possibly via `/etc/fstab`, or because the Extended Boot Loader Partition — see below — exists) or the directory is non-empty on the root disk. This partition type is defined by the [UEFI Specification](http://www.uefi.org/specifications). | -| _Extended Boot Loader Partition_ | `bc13c2ff-59e6-4262-a352-b275fd6f7172` | Typically VFAT | The Extended Boot Loader Partition (XBOOTLDR) used for the current boot is automatically mounted to `/boot/`, unless a different partition is mounted there (possibly via `/etc/fstab`) or the directory is non-empty on the root disk. This partition type is defined by the [Boot Loader Specification](BOOT_LOADER_SPECIFICATION.md). | -| _Swap_ | `0657fd6d-a4ab-43c4-84e5-0933c84b4f4f` | Swap, optionally in LUKS | All swap partitions on the disk containing the root partition are automatically enabled. If the partition is encrypted with LUKS, the device mapper file will be named `/dev/mapper/swap`. This partition type predates the Discoverable Partitions Specification. | -| _Home Partition_ | `933ac7e1-2eb4-4f13-b844-0e14e2aef915` | Any native, optionally in LUKS | The first partition with this type UUID on the disk containing the root partition is automatically mounted to `/home/`. If the partition is encrypted with LUKS, the device mapper file will be named `/dev/mapper/home`. | -| _Server Data Partition_ | `3b8f8425-20e0-4f3b-907f-1a25a76f98e8` | Any native, optionally in LUKS | The first partition with this type UUID on the disk containing the root partition is automatically mounted to `/srv/`. If the partition is encrypted with LUKS, the device mapper file will be named `/dev/mapper/srv`. | -| _Variable Data Partition_ | `4d21b016-b534-45c2-a9fb-5c16e091fd2d` | Any native, optionally in LUKS | The first partition with this type UUID on the disk containing the root partition is automatically mounted to `/var/` — under the condition that its partition UUID matches the first 128 bits of `HMAC-SHA256(machine-id, 0x4d21b016b53445c2a9fb5c16e091fd2d)` (i.e. the SHA256 HMAC hash of the binary type UUID keyed by the machine ID as read from [`/etc/machine-id`](https://www.freedesktop.org/software/systemd/man/machine-id.html). This special requirement is made because `/var/` (unlike the other partition types listed here) is inherently private to a specific installation and cannot possibly be shared between multiple OS installations on the same disk, and thus should be bound to a specific instance of the OS, identified by its machine ID. If the partition is encrypted with LUKS, the device mapper file will be named `/dev/mapper/var`. | -| _Temporary Data Partition_ | `7ec6f557-3bc5-4aca-b293-16ef5df639d1` | Any native, optionally in LUKS | The first partition with this type UUID on the disk containing the root partition is automatically mounted to `/var/tmp/`. If the partition is encrypted with LUKS, the device mapper file will be named `/dev/mapper/tmp`. Note that the intended mount point is indeed `/var/tmp/`, not `/tmp/`. The latter is typically maintained in memory via `tmpfs` and does not require a partition on disk. In some cases it might be desirable to make `/tmp/` persistent too, in which case it is recommended to make it a symlink or bind mount to `/var/tmp/`, thus not requiring its own partition type UUID. | -| _Per-user Home Partition_ | `773f91ef-66d4-49b5-bd83-d683bf40ad16` | Any native, optionally in LUKS | A home partition of a user, managed by [`systemd-homed`](https://www.freedesktop.org/software/systemd/man/systemd-homed.html). | -| _Generic Linux Data Partition_ | `0fc63daf-8483-4772-8e79-3d69d8477de4` | Any native, optionally in LUKS | No automatic mounting takes place for other Linux data partitions. This partition type should be used for all partitions that carry Linux file systems. The installer needs to mount them explicitly via entries in `/etc/fstab`. Optionally, these partitions may be encrypted with LUKS. This partition type predates the Discoverable Partitions Specification. | +| _Root Partition (Alpha)_ | `6523f8ae-3eb1-4e2a-a05a-18b695ae656f` `SD_GPT_ROOT_ALPHA` | Any native, optionally in LUKS | On systems with matching architecture, the first partition with this type UUID on the disk containing the active EFI ESP is automatically mounted to the root directory `/`. If the partition is encrypted with LUKS or has dm-verity integrity data (see below), the device mapper file will be named `/dev/mapper/root`. | +| _Root Partition (ARC)_ | `d27f46ed-2919-4cb8-bd25-9531f3c16534` `SD_GPT_ROOT_ARC` | ditto | ditto | +| _Root Partition (32-bit ARM)_ | `69dad710-2ce4-4e3c-b16c-21a1d49abed3` `SD_GPT_ROOT_ARM` | ditto | ditto | +| _Root Partition (64-bit ARM/AArch64)_ | `b921b045-1df0-41c3-af44-4c6f280d3fae` `SD_GPT_ROOT_ARM64` | ditto | ditto | +| _Root Partition (Itanium/IA-64)_ | `993d8d3d-f80e-4225-855a-9daf8ed7ea97` `SD_GPT_ROOT_IA64` | ditto | ditto | +| _Root Partition (LoongArch 64-bit)_ | `77055800-792c-4f94-b39a-98c91b762bb6` `SD_GPT_ROOT_LOONGARCH64` | ditto | ditto | +| _Root Partition (32-bit MIPS LittleEndian (mipsel))_ | `37c58c8a-d913-4156-a25f-48b1b64e07f0` `SD_GPT_ROOT_MIPS_LE` | ditto | ditto | +| _Root Partition (64-bit MIPS LittleEndian (mips64el))_ | `700bda43-7a34-4507-b179-eeb93d7a7ca3` `SD_GPT_ROOT_MIPS64_LE` | ditto | ditto | +| _Root Partition (HPPA/PARISC)_ | `1aacdb3b-5444-4138-bd9e-e5c2239b2346` `SD_GPT_ROOT_PARISC` | ditto | ditto | +| _Root Partition (32-bit PowerPC)_ | `1de3f1ef-fa98-47b5-8dcd-4a860a654d78` `SD_GPT_ROOT_PPC` | ditto | ditto | +| _Root Partition (64-bit PowerPC BigEndian)_ | `912ade1d-a839-4913-8964-a10eee08fbd2` `SD_GPT_ROOT_PPC64` | ditto | ditto | +| _Root Partition (64-bit PowerPC LittleEndian)_ | `c31c45e6-3f39-412e-80fb-4809c4980599` `SD_GPT_ROOT_PPC64_LE` | ditto | ditto | +| _Root Partition (RISC-V 32-bit)_ | `60d5a7fe-8e7d-435c-b714-3dd8162144e1` `SD_GPT_ROOT_RISCV32` | ditto | ditto | +| _Root Partition (RISC-V 64-bit)_ | `72ec70a6-cf74-40e6-bd49-4bda08e8f224` `SD_GPT_ROOT_RISCV64` | ditto | ditto | +| _Root Partition (s390)_ | `08a7acea-624c-4a20-91e8-6e0fa67d23f9` `SD_GPT_ROOT_S390` | ditto | ditto | +| _Root Partition (s390x)_ | `5eead9a9-fe09-4a1e-a1d7-520d00531306` `SD_GPT_ROOT_S390X` | ditto | ditto | +| _Root Partition (TILE-Gx)_ | `c50cdd70-3862-4cc3-90e1-809a8c93ee2c` `SD_GPT_ROOT_TILEGX` | ditto | ditto | +| _Root Partition (x86)_ | `44479540-f297-41b2-9af7-d131d5f0458a` `SD_GPT_ROOT_X86` | ditto | ditto | +| _Root Partition (amd64/x86_64)_ | `4f68bce3-e8cd-4db1-96e7-fbcaf984b709` `SD_GPT_ROOT_X86_64` | ditto | ditto | +| _`/usr/` Partition (Alpha)_ | `e18cf08c-33ec-4c0d-8246-c6c6fb3da024` `SD_GPT_USR_ALPHA` | Any native, optionally in LUKS | Similar semantics to root partition, but just the `/usr/` partition. | +| _`/usr/` Partition (ARC)_ | `7978a683-6316-4922-bbee-38bff5a2fecc` `SD_GPT_USR_ARC` | ditto | ditto | +| _`/usr/` Partition (32-bit ARM)_ | `7d0359a3-02b3-4f0a-865c-654403e70625` `SD_GPT_USR_ARM` | ditto | ditto | +| _`/usr/` Partition (64-bit ARM/AArch64)_ | `b0e01050-ee5f-4390-949a-9101b17104e9` `SD_GPT_USR_ARM64` | ditto | ditto | +| _`/usr/` Partition (Itanium/IA-64)_ | `4301d2a6-4e3b-4b2a-bb94-9e0b2c4225ea` `SD_GPT_USR_IA64` | ditto | ditto | +| _`/usr/` Partition (LoongArch 64-bit)_ | `e611c702-575c-4cbe-9a46-434fa0bf7e3f` `SD_GPT_USR_LOONGARCH64` | ditto | ditto | +| _`/usr/` Partition (32-bit MIPS LittleEndian (mipsel))_ | `0f4868e9-9952-4706-979f-3ed3a473e947` `SD_GPT_USR_MIPS_LE` | ditto | ditto | +| _`/usr/` Partition (64-bit MIPS LittleEndian (mips64el))_ | `c97c1f32-ba06-40b4-9f22-236061b08aa8` `SD_GPT_USR_MIPS64_LE` | ditto | ditto | +| _`/usr/` Partition (HPPA/PARISC)_ | `dc4a4480-6917-4262-a4ec-db9384949f25` `SD_GPT_USR_PARISC` | ditto | ditto | +| _`/usr/` Partition (32-bit PowerPC)_ | `7d14fec5-cc71-415d-9d6c-06bf0b3c3eaf` `SD_GPT_USR_PPC` | ditto | ditto | +| _`/usr/` Partition (64-bit PowerPC BigEndian)_ | `2c9739e2-f068-46b3-9fd0-01c5a9afbcca` `SD_GPT_USR_PPC64` | ditto | ditto | +| _`/usr/` Partition (64-bit PowerPC LittleEndian)_ | `15bb03af-77e7-4d4a-b12b-c0d084f7491c` `SD_GPT_USR_PPC64_LE` | ditto | ditto | +| _`/usr/` Partition (RISC-V 32-bit)_ | `b933fb22-5c3f-4f91-af90-e2bb0fa50702` `SD_GPT_USR_RISCV32` | ditto | ditto | +| _`/usr/` Partition (RISC-V 64-bit)_ | `beaec34b-8442-439b-a40b-984381ed097d` `SD_GPT_USR_RISCV64` | ditto | ditto | +| _`/usr/` Partition (s390)_ | `cd0f869b-d0fb-4ca0-b141-9ea87cc78d66` `SD_GPT_USR_S390` | ditto | ditto | +| _`/usr/` Partition (s390x)_ | `8a4f5770-50aa-4ed3-874a-99b710db6fea` `SD_GPT_USR_S390X` | ditto | ditto | +| _`/usr/` Partition (TILE-Gx)_ | `55497029-c7c1-44cc-aa39-815ed1558630` `SD_GPT_USR_TILEGX` | ditto | ditto | +| _`/usr/` Partition (x86)_ | `75250d76-8cc6-458e-bd66-bd47cc81a812` `SD_GPT_USR_X86` | ditto | ditto | +| _`/usr/` Partition (amd64/x86_64)_ | `8484680c-9521-48c6-9c11-b0720656f69e` `SD_GPT_USR_X86_64` | ditto | ditto | +| _Root Verity Partition (Alpha)_ | `fc56d9e9-e6e5-4c06-be32-e74407ce09a5` `SD_GPT_ROOT_ALPHA_VERITY` | A dm-verity superblock followed by hash data | Contains dm-verity integrity hash data for the matching root partition. If this feature is used the partition UUID of the root partition should be the first 128 bits of the root hash of the dm-verity hash data, and the partition UUID of this dm-verity partition should be the final 128 bits of it, so that the root partition and its Verity partition can be discovered easily, simply by specifying the root hash. | +| _Root Verity Partition (ARC)_ | `24b2d975-0f97-4521-afa1-cd531e421b8d` `SD_GPT_ROOT_ARC_VERITY` | ditto | ditto | +| _Root Verity Partition (32-bit ARM)_ | `7386cdf2-203c-47a9-a498-f2ecce45a2d6` `SD_GPT_ROOT_ARM_VERITY` | ditto | ditto | +| _Root Verity Partition (64-bit ARM/AArch64)_ | `df3300ce-d69f-4c92-978c-9bfb0f38d820` `SD_GPT_ROOT_ARM64_VERITY` | ditto | ditto | +| _Root Verity Partition (Itanium/IA-64)_ | `86ed10d5-b607-45bb-8957-d350f23d0571` `SD_GPT_ROOT_IA64_VERITY` | ditto | ditto | +| _Root Verity Partition (LoongArch 64-bit)_ | `f3393b22-e9af-4613-a948-9d3bfbd0c535` `SD_GPT_ROOT_LOONGARCH64_VERITY` | ditto | ditto | +| _Root Verity Partition (32-bit MIPS LittleEndian (mipsel))_ | `d7d150d2-2a04-4a33-8f12-16651205ff7b` `SD_GPT_ROOT_MIPS_LE_VERITY` | ditto | ditto | +| _Root Verity Partition (64-bit MIPS LittleEndian (mips64el))_ | `16b417f8-3e06-4f57-8dd2-9b5232f41aa6` `SD_GPT_ROOT_MIPS64_LE_VERITY` | ditto | ditto | +| _Root Verity Partition (HPPA/PARISC)_ | `d212a430-fbc5-49f9-a983-a7feef2b8d0e` `SD_GPT_ROOT_PARISC_VERITY` | ditto | ditto | +| _Root Verity Partition (64-bit PowerPC LittleEndian)_ | `906bd944-4589-4aae-a4e4-dd983917446a` `SD_GPT_ROOT_PPC64_LE_VERITY` | ditto | ditto | +| _Root Verity Partition (64-bit PowerPC BigEndian)_ | `9225a9a3-3c19-4d89-b4f6-eeff88f17631` `SD_GPT_ROOT_PPC64_VERITY` | ditto | ditto | +| _Root Verity Partition (32-bit PowerPC)_ | `98cfe649-1588-46dc-b2f0-add147424925` `SD_GPT_ROOT_PPC_VERITY` | ditto | ditto | +| _Root Verity Partition (RISC-V 32-bit)_ | `ae0253be-1167-4007-ac68-43926c14c5de` `SD_GPT_ROOT_RISCV32_VERITY` | ditto | ditto | +| _Root Verity Partition (RISC-V 64-bit)_ | `b6ed5582-440b-4209-b8da-5ff7c419ea3d` `SD_GPT_ROOT_RISCV64_VERITY` | ditto | ditto | +| _Root Verity Partition (s390)_ | `7ac63b47-b25c-463b-8df8-b4a94e6c90e1` `SD_GPT_ROOT_S390_VERITY` | ditto | ditto | +| _Root Verity Partition (s390x)_ | `b325bfbe-c7be-4ab8-8357-139e652d2f6b` `SD_GPT_ROOT_S390X_VERITY` | ditto | ditto | +| _Root Verity Partition (TILE-Gx)_ | `966061ec-28e4-4b2e-b4a5-1f0a825a1d84` `SD_GPT_ROOT_TILEGX_VERITY` | ditto | ditto | +| _Root Verity Partition (amd64/x86_64)_ | `2c7357ed-ebd2-46d9-aec1-23d437ec2bf5` `SD_GPT_ROOT_X86_64_VERITY` | ditto | ditto | +| _Root Verity Partition (x86)_ | `d13c5d3b-b5d1-422a-b29f-9454fdc89d76` `SD_GPT_ROOT_X86_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (Alpha)_ | `8cce0d25-c0d0-4a44-bd87-46331bf1df67` `SD_GPT_USR_ALPHA_VERITY` | A dm-verity superblock followed by hash data | Similar semantics to root Verity partition, but just for the `/usr/` partition. | +| _`/usr/` Verity Partition (ARC)_ | `fca0598c-d880-4591-8c16-4eda05c7347c` `SD_GPT_USR_ARC_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (32-bit ARM)_ | `c215d751-7bcd-4649-be90-6627490a4c05` `SD_GPT_USR_ARM_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (64-bit ARM/AArch64)_ | `6e11a4e7-fbca-4ded-b9e9-e1a512bb664e` `SD_GPT_USR_ARM64_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (Itanium/IA-64)_ | `6a491e03-3be7-4545-8e38-83320e0ea880` `SD_GPT_USR_IA64_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (LoongArch 64-bit)_ | `f46b2c26-59ae-48f0-9106-c50ed47f673d` `SD_GPT_USR_LOONGARCH64_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (32-bit MIPS LittleEndian (mipsel))_ | `46b98d8d-b55c-4e8f-aab3-37fca7f80752` `SD_GPT_USR_MIPS_LE_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (64-bit MIPS LittleEndian (mips64el))_ | `3c3d61fe-b5f3-414d-bb71-8739a694a4ef` `SD_GPT_USR_MIPS64_LE_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (HPPA/PARISC)_ | `5843d618-ec37-48d7-9f12-cea8e08768b2` `SD_GPT_USR_PARISC_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (64-bit PowerPC LittleEndian)_ | `ee2b9983-21e8-4153-86d9-b6901a54d1ce` `SD_GPT_USR_PPC64_LE_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (64-bit PowerPC BigEndian)_ | `bdb528a5-a259-475f-a87d-da53fa736a07` `SD_GPT_USR_PPC64_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (32-bit PowerPC)_ | `df765d00-270e-49e5-bc75-f47bb2118b09` `SD_GPT_USR_PPC_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (RISC-V 32-bit)_ | `cb1ee4e3-8cd0-4136-a0a4-aa61a32e8730` `SD_GPT_USR_RISCV32_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (RISC-V 64-bit)_ | `8f1056be-9b05-47c4-81d6-be53128e5b54` `SD_GPT_USR_RISCV64_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (s390)_ | `b663c618-e7bc-4d6d-90aa-11b756bb1797` `SD_GPT_USR_S390_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (s390x)_ | `31741cc4-1a2a-4111-a581-e00b447d2d06` `SD_GPT_USR_S390X_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (TILE-Gx)_ | `2fb4bf56-07fa-42da-8132-6b139f2026ae` `SD_GPT_USR_TILEGX_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (amd64/x86_64)_ | `77ff5f63-e7b6-4633-acf4-1565b864c0e6` `SD_GPT_USR_X86_64_VERITY` | ditto | ditto | +| _`/usr/` Verity Partition (x86)_ | `8f461b0d-14ee-4e81-9aa9-049b6fb97abd` `SD_GPT_USR_X86_VERITY` | ditto | ditto | +| _Root Verity Signature Partition (Alpha)_ | `d46495b7-a053-414f-80f7-700c99921ef8` `SD_GPT_ROOT_ALPHA_VERITY_SIG` | A serialized JSON object, see below | Contains a root hash and a PKCS#7 signature for it, permitting signed dm-verity GPT images. | +| _Root Verity Signature Partition (ARC)_ | `143a70ba-cbd3-4f06-919f-6c05683a78bc` `SD_GPT_ROOT_ARC_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (32-bit ARM)_ | `42b0455f-eb11-491d-98d3-56145ba9d037` `SD_GPT_ROOT_ARM_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (64-bit ARM/AArch64)_ | `6db69de6-29f4-4758-a7a5-962190f00ce3` `SD_GPT_ROOT_ARM64_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (Itanium/IA-64)_ | `e98b36ee-32ba-4882-9b12-0ce14655f46a` `SD_GPT_ROOT_IA64_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (LoongArch 64-bit)_ | `5afb67eb-ecc8-4f85-ae8e-ac1e7c50e7d0` `SD_GPT_ROOT_LOONGARCH64_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (32-bit MIPS LittleEndian (mipsel))_ | `c919cc1f-4456-4eff-918c-f75e94525ca5` `SD_GPT_ROOT_MIPS_LE_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (64-bit MIPS LittleEndian (mips64el))_ | `904e58ef-5c65-4a31-9c57-6af5fc7c5de7` `SD_GPT_ROOT_MIPS64_LE_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (HPPA/PARISC)_ | `15de6170-65d3-431c-916e-b0dcd8393f25` `SD_GPT_ROOT_PARISC_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (64-bit PowerPC LittleEndian)_ | `d4a236e7-e873-4c07-bf1d-bf6cf7f1c3c6` `SD_GPT_ROOT_PPC64_LE_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (64-bit PowerPC BigEndian)_ | `f5e2c20c-45b2-4ffa-bce9-2a60737e1aaf` `SD_GPT_ROOT_PPC64_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (32-bit PowerPC)_ | `1b31b5aa-add9-463a-b2ed-bd467fc857e7` `SD_GPT_ROOT_PPC_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (RISC-V 32-bit)_ | `3a112a75-8729-4380-b4cf-764d79934448` `SD_GPT_ROOT_RISCV32_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (RISC-V 64-bit)_ | `efe0f087-ea8d-4469-821a-4c2a96a8386a` `SD_GPT_ROOT_RISCV64_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (s390)_ | `3482388e-4254-435a-a241-766a065f9960` `SD_GPT_ROOT_S390_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (s390x)_ | `c80187a5-73a3-491a-901a-017c3fa953e9` `SD_GPT_ROOT_S390X_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (TILE-Gx)_ | `b3671439-97b0-4a53-90f7-2d5a8f3ad47b` `SD_GPT_ROOT_TILEGX_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (amd64/x86_64)_ | `41092b05-9fc8-4523-994f-2def0408b176` `SD_GPT_ROOT_X86_64_VERITY_SIG` | ditto | ditto | +| _Root Verity Signature Partition (x86)_ | `5996fc05-109c-48de-808b-23fa0830b676` `SD_GPT_ROOT_X86_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (Alpha)_ | `5c6e1c76-076a-457a-a0fe-f3b4cd21ce6e` `SD_GPT_USR_ALPHA_VERITY_SIG` | A serialized JSON object, see below | Similar semantics to root Verity signature partition, but just for the `/usr/` partition. | +| _`/usr/` Verity Signature Partition (ARC)_ | `94f9a9a1-9971-427a-a400-50cb297f0f35` `SD_GPT_USR_ARC_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (32-bit ARM)_ | `d7ff812f-37d1-4902-a810-d76ba57b975a` `SD_GPT_USR_ARM_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (64-bit ARM/AArch64)_ | `c23ce4ff-44bd-4b00-b2d4-b41b3419e02a` `SD_GPT_USR_ARM64_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (Itanium/IA-64)_ | `8de58bc2-2a43-460d-b14e-a76e4a17b47f` `SD_GPT_USR_IA64_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (LoongArch 64-bit)_ | `b024f315-d330-444c-8461-44bbde524e99` `SD_GPT_USR_LOONGARCH64_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (32-bit MIPS LittleEndian (mipsel))_ | `3e23ca0b-a4bc-4b4e-8087-5ab6a26aa8a9` `SD_GPT_USR_MIPS_LE_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (64-bit MIPS LittleEndian (mips64el))_ | `f2c2c7ee-adcc-4351-b5c6-ee9816b66e16` `SD_GPT_USR_MIPS64_LE_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (HPPA/PARISC)_ | `450dd7d1-3224-45ec-9cf2-a43a346d71ee` `SD_GPT_USR_PARISC_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (64-bit PowerPC LittleEndian)_ | `c8bfbd1e-268e-4521-8bba-bf314c399557` `SD_GPT_USR_PPC64_LE_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (64-bit PowerPC BigEndian)_ | `0b888863-d7f8-4d9e-9766-239fce4d58af` `SD_GPT_USR_PPC64_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (32-bit PowerPC)_ | `7007891d-d371-4a80-86a4-5cb875b9302e` `SD_GPT_USR_PPC_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (RISC-V 32-bit)_ | `c3836a13-3137-45ba-b583-b16c50fe5eb4` `SD_GPT_USR_RISCV32_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (RISC-V 64-bit)_ | `d2f9000a-7a18-453f-b5cd-4d32f77a7b32` `SD_GPT_USR_RISCV64_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (s390)_ | `17440e4f-a8d0-467f-a46e-3912ae6ef2c5` `SD_GPT_USR_S390_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (s390x)_ | `3f324816-667b-46ae-86ee-9b0c0c6c11b4` `SD_GPT_USR_S390X_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (TILE-Gx)_ | `4ede75e2-6ccc-4cc8-b9c7-70334b087510` `SD_GPT_USR_TILEGX_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (amd64/x86_64)_ | `e7bb33fb-06cf-4e81-8273-e543b413e2e2` `SD_GPT_USR_X86_64_VERITY_SIG` | ditto | ditto | +| _`/usr/` Verity Signature Partition (x86)_ | `974a71c0-de41-43c3-be5d-5c5ccd1ad2c0` `SD_GPT_USR_X86_VERITY_SIG` | ditto | ditto | +| _EFI System Partition_ | `c12a7328-f81f-11d2-ba4b-00a0c93ec93b` `SD_GPT_ESP` | VFAT | The ESP used for the current boot is automatically mounted to `/efi/` (or `/boot/` as fallback), unless a different partition is mounted there (possibly via `/etc/fstab`, or because the Extended Boot Loader Partition — see below — exists) or the directory is non-empty on the root disk. This partition type is defined by the [UEFI Specification](http://www.uefi.org/specifications). | +| _Extended Boot Loader Partition_ | `bc13c2ff-59e6-4262-a352-b275fd6f7172` `SD_GPT_XBOOTLDR` | Typically VFAT | The Extended Boot Loader Partition (XBOOTLDR) used for the current boot is automatically mounted to `/boot/`, unless a different partition is mounted there (possibly via `/etc/fstab`) or the directory is non-empty on the root disk. This partition type is defined by the [Boot Loader Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION). | +| _Swap_ | `0657fd6d-a4ab-43c4-84e5-0933c84b4f4f` `SD_GPT_SWAP` | Swap, optionally in LUKS | All swap partitions on the disk containing the root partition are automatically enabled. If the partition is encrypted with LUKS, the device mapper file will be named `/dev/mapper/swap`. This partition type predates the Discoverable Partitions Specification. | +| _Home Partition_ | `933ac7e1-2eb4-4f13-b844-0e14e2aef915` `SD_GPT_HOME` | Any native, optionally in LUKS | The first partition with this type UUID on the disk containing the root partition is automatically mounted to `/home/`. If the partition is encrypted with LUKS, the device mapper file will be named `/dev/mapper/home`. | +| _Server Data Partition_ | `3b8f8425-20e0-4f3b-907f-1a25a76f98e8` `SD_GPT_SRV` | Any native, optionally in LUKS | The first partition with this type UUID on the disk containing the root partition is automatically mounted to `/srv/`. If the partition is encrypted with LUKS, the device mapper file will be named `/dev/mapper/srv`. | +| _Variable Data Partition_ | `4d21b016-b534-45c2-a9fb-5c16e091fd2d` `SD_GPT_VAR` | Any native, optionally in LUKS | The first partition with this type UUID on the disk containing the root partition is automatically mounted to `/var/` — under the condition that its partition UUID matches the first 128 bits of `HMAC-SHA256(machine-id, 0x4d21b016b53445c2a9fb5c16e091fd2d)` (i.e. the SHA256 HMAC hash of the binary type UUID keyed by the machine ID as read from [`/etc/machine-id`](https://www.freedesktop.org/software/systemd/man/machine-id.html). This special requirement is made because `/var/` (unlike the other partition types listed here) is inherently private to a specific installation and cannot possibly be shared between multiple OS installations on the same disk, and thus should be bound to a specific instance of the OS, identified by its machine ID. If the partition is encrypted with LUKS, the device mapper file will be named `/dev/mapper/var`. | +| _Temporary Data Partition_ | `7ec6f557-3bc5-4aca-b293-16ef5df639d1` `SD_GPT_TMP` | Any native, optionally in LUKS | The first partition with this type UUID on the disk containing the root partition is automatically mounted to `/var/tmp/`. If the partition is encrypted with LUKS, the device mapper file will be named `/dev/mapper/tmp`. Note that the intended mount point is indeed `/var/tmp/`, not `/tmp/`. The latter is typically maintained in memory via `tmpfs` and does not require a partition on disk. In some cases it might be desirable to make `/tmp/` persistent too, in which case it is recommended to make it a symlink or bind mount to `/var/tmp/`, thus not requiring its own partition type UUID. | +| _Per-user Home Partition_ | `773f91ef-66d4-49b5-bd83-d683bf40ad16` `SD_GPT_USER_HOME` | Any native, optionally in LUKS | A home partition of a user, managed by [`systemd-homed`](https://www.freedesktop.org/software/systemd/man/systemd-homed.html). | +| _Generic Linux Data Partition_ | `0fc63daf-8483-4772-8e79-3d69d8477de4` `SD_GPT_LINUX_GENERIC` | Any native, optionally in LUKS | No automatic mounting takes place for other Linux data partitions. This partition type should be used for all partitions that carry Linux file systems. The installer needs to mount them explicitly via entries in `/etc/fstab`. Optionally, these partitions may be encrypted with LUKS. This partition type predates the Discoverable Partitions Specification. | Other GPT type IDs might be used on Linux, for example to mark software RAID or LVM partitions. The definitions of those GPT types is outside of the scope of @@ -183,41 +183,41 @@ For the Root/Verity/Verity signature partitions it might make sense to use a versioned naming scheme reflecting the OS name and its version, e.g. "fooOS_2021.4" or similar. -## Partition Flags +## Partition Attribute Flags -This specification defines three GPT partition flags that may be set for the -partition types defined above: +This specification defines three GPT partition attribute flags that may be set +for the partition types defined above: 1. For the root, `/usr/`, Verity, Verity signature, home, server data, variable - data, temporary data, swap and extended boot loader partitions, the - partition flag bit 63 ("*no-auto*") may be used to turn off auto-discovery - for the specific partition. If set, the partition will not be automatically - mounted or enabled. + data, temporary data, swap, and extended boot loader partitions, the + partition flag bit 63 ("*no-auto*", *SD_GPT_FLAG_NO_AUTO*) may be used to + turn off auto-discovery for the specific partition. If set, the partition + will not be automatically mounted or enabled. 2. For the root, `/usr/`, Verity, Verity signature home, server data, variable data, temporary data and extended boot loader partitions, the partition flag - bit 60 ("*read-only*") may be used to mark a partition for read-only mounts - only. If set, the partition will be mounted read-only instead of - read-write. Note that the variable data partition and the temporary data - partition will generally not be able to serve their purpose if marked - read-only, since by their very definition they are supposed to be - mutable. (The home and server data partitions are generally assumed to be - mutable as well, but the requirement for them is not equally strong.) - Because of that, while the read-only flag is defined and supported, it's - almost never a good idea to actually use it for these partitions. Also note - that Verity and signature partitions are by their semantics always + bit 60 ("*read-only*", *SD_GPT_FLAG_READ_ONLY*) may be used to mark a + partition for read-only mounts only. If set, the partition will be mounted + read-only instead of read-write. Note that the variable data partition and + the temporary data partition will generally not be able to serve their + purpose if marked read-only, since by their very definition they are + supposed to be mutable. (The home and server data partitions are generally + assumed to be mutable as well, but the requirement for them is not equally + strong.) Because of that, while the read-only flag is defined and supported, + it's almost never a good idea to actually use it for these partitions. Also + note that Verity and signature partitions are by their semantics always read-only. The flag is hence of little effect for them, and it is recommended to set it unconditionally for the Verity and signature partition types. 3. For the root, `/usr/`, home, server data, variable data, temporary data and extended boot loader partitions, the partition flag bit 59 - ("*grow-file-system*") may be used to mark a partition for automatic growing - of the contained file system to the size of the partition when - mounted. Tools that automatically mount disk image with a GPT partition - table are suggested to implicitly grow the contained file system to the - partition size they are contained in, if they are found to be smaller. This - flag is without effect on partitions marked read-only. + ("*grow-file-system*", *SD_GPT_FLAG_GROWFS*) may be used to mark a partition + for automatic growing of the contained file system to the size of the + partition when mounted. Tools that automatically mount disk image with a GPT + partition table are suggested to implicitly grow the contained file system + to the partition size they are contained in, if they are found to be + smaller. This flag is without effect on partitions marked "*read-only*". Note that the first two flag definitions happen to correspond nicely to the same ones used by Microsoft Basic Data Partitions. diff --git a/tools/list-discoverable-partitions.py b/tools/list-discoverable-partitions.py index 43d7ee9984..153c904774 100644 --- a/tools/list-discoverable-partitions.py +++ b/tools/list-discoverable-partitions.py @@ -146,6 +146,7 @@ def extract(file): if not m: continue + name = line.split()[1] if m2 := re.match(r'^(ROOT|USR)_([A-Z0-9]+|X86_64|PPC64_LE|MIPS_LE|MIPS64_LE)(|_VERITY|_VERITY_SIG)\s+SD_ID128_MAKE\((.*)\)', m.group(1)): type, arch, suffix, u = m2.groups() u = uuid.UUID(u.replace(',', '')) @@ -153,12 +154,12 @@ def extract(file): type = f'{type}{suffix}' assert type in TYPES - yield type, arch, u + yield name, type, arch, u elif m2 := re.match(r'(\w+)\s+SD_ID128_MAKE\((.*)\)', m.group(1)): type, u = m2.groups() u = uuid.UUID(u.replace(',', '')) - yield type, None, u + yield name, type, None, u else: raise Exception(f'Failed to match: {m.group(1)}') @@ -170,7 +171,7 @@ def generate(defines): uuids = set() - for type, arch, uuid in defines: + for name, type, arch, uuid in defines: tdesc = TYPES[type] adesc = '' if arch is None else f' ({ARCHITECTURES[arch]})' @@ -184,7 +185,7 @@ def generate(defines): else: morea = moreb = 'ditto' - print(f'| _{tdesc}{adesc}_ | `{uuid}` | {morea} | {moreb} |') + print(f'| _{tdesc}{adesc}_ | `{uuid}` `{name}` | {morea} | {moreb} |') if __name__ == '__main__': known = extract(sys.stdin) From ed1cf1d9707fa4c11fe0106a72fb25364e02f625 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Sun, 18 Sep 2022 13:20:05 +0200 Subject: [PATCH 9/9] sd-gpt: adjust comments and use UINT64_C() --- src/systemd/sd-gpt.h | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/src/systemd/sd-gpt.h b/src/systemd/sd-gpt.h index e369a0f4b5..baa19b1343 100644 --- a/src/systemd/sd-gpt.h +++ b/src/systemd/sd-gpt.h @@ -299,16 +299,20 @@ _SD_BEGIN_DECLARATIONS; # define SD_GPT_USR_NATIVE_VERITY_SIG SD_GPT_USR_X86_VERITY_SIG #endif -#define SD_GPT_FLAG_REQUIRED_PARTITION (1ULL << 0) -#define SD_GPT_FLAG_NO_BLOCK_IO_PROTOCOL (1ULL << 1) -#define SD_GPT_FLAG_LEGACY_BIOS_BOOTABLE (1ULL << 2) +/* Partition attributes defined by the UEFI specification. */ +#define SD_GPT_FLAG_REQUIRED_PARTITION (UINT64_C(1) << 0) +#define SD_GPT_FLAG_NO_BLOCK_IO_PROTOCOL (UINT64_C(1) << 1) +#define SD_GPT_FLAG_LEGACY_BIOS_BOOTABLE (UINT64_C(1) << 2) /* Flags we recognize on the root, usr, xbootldr, swap, home, srv, var, tmp partitions when doing - * auto-discovery. These happen to be identical to what Microsoft defines for its own Basic Data Partitions, - * but that's just because we saw no point in defining any other values here. */ -#define SD_GPT_FLAG_READ_ONLY (1ULL << 60) -#define SD_GPT_FLAG_NO_AUTO (1ULL << 63) -#define SD_GPT_FLAG_GROWFS (1ULL << 59) + * auto-discovery. + * + * The first two happen to be identical to what Microsoft defines for its own Basic Data Partitions + * in "winioctl.h": GPT_BASIC_DATA_ATTRIBUTE_READ_ONLY, GPT_BASIC_DATA_ATTRIBUTE_NO_DRIVE_LETTER. + */ +#define SD_GPT_FLAG_READ_ONLY (UINT64_C(1) << 60) +#define SD_GPT_FLAG_NO_AUTO (UINT64_C(1) << 63) +#define SD_GPT_FLAG_GROWFS (UINT64_C(1) << 59) _SD_END_DECLARATIONS;