Kernel parameters for systemd-boot (#700)

* using kernel parameter in systemd-boot
yast · Apr 30, 2024 · d5388e6 · d5388e6
1 parent 3a16f9b
commit d5388e6
Show file tree

Hide file tree

Showing 13 changed files with 384 additions and 155 deletions.
diff --git a/package/yast2-bootloader.changes b/package/yast2-bootloader.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Apr 26 13:07:51 UTC 2024 - Stefan Schubert <schubi@suse.com>
+
+- Creating kernel options for systemd-boot. (bsc#1220892)
+- 5.0.9
+
 -------------------------------------------------------------------
 Fri Apr  5 08:08:09 UTC 2024 - Josef Reidinger <jreidinger@suse.com>
 

diff --git a/package/yast2-bootloader.spec b/package/yast2-bootloader.spec
@@ -17,7 +17,7 @@
 
 
 Name:           yast2-bootloader
-Version:        5.0.8
+Version:        5.0.9
 Release:        0
 Summary:        YaST2 - Bootloader Configuration
 License:        GPL-2.0-or-later

diff --git a/src/lib/bootloader/generic_widgets.rb b/src/lib/bootloader/generic_widgets.rb
@@ -3,6 +3,7 @@
 require "yast"
 
 require "bootloader/bootloader_factory"
+require "bootloader/cpu_mitigations"
 
 require "cwm/widget"
 
@@ -110,4 +111,109 @@ def help
       )
     end
   end
+
+  # Represents decision if smt is enabled
+  class CpuMitigationsWidget < CWM::ComboBox
+    def initialize
+      textdomain "bootloader"
+
+      super
+    end
+
+    def label
+      _("CPU Mitigations")
+    end
+
+    def items
+      ::Bootloader::CpuMitigations::ALL.map do |m|
+        [m.value.to_s, m.to_human_string]
+      end
+    end
+
+    def help
+      _(
+        "<p><b>CPU Mitigations</b><br>\n" \
+        "The option selects which default settings should be used for CPU \n" \
+        "side channels mitigations. A highlevel description is on our Technical Information \n" \
+        "Document TID 7023836. Following options are available:<ul>\n" \
+        "<li><b>Auto</b>: This option enables all the mitigations needed for your CPU model. \n" \
+        "This setting can impact performance to some degree, depending on CPU model and \n" \
+        "workload. It provides all security mitigations, but it does not protect against \n" \
+        "cross-CPU thread attacks.</li>\n" \
+        "<li><b>Auto + No SMT</b>: This option enables all the above mitigations in \n" \
+        "\"Auto\", and also disables Simultaneous Multithreading to avoid \n" \
+        "side channel attacks across multiple CPU threads. This setting can \n" \
+        "further impact performance, depending on your \n" \
+        "workload. This setting provides the full set of available security mitigations.</li>\n" \
+        "<li><b>Off</b>: All CPU Mitigations are disabled. This setting has no performance \n" \
+        "impact, but side channel attacks against your CPU are possible, depending on CPU \n" \
+        "model.</li>\n" \
+        "<li><b>Manual</b>: This setting does not specify a mitigation level and leaves \n" \
+        "this to be the kernel default. The administrator can add other mitigations options \n" \
+        "in the <i>kernel command line</i> widget.\n" \
+        "All CPU mitigation specific options can be set manually.</li></ul></p>"
+      )
+    end
+
+    def init
+      if Bootloader::BootloaderFactory.current.respond_to?(:cpu_mitigations)
+        self.value = Bootloader::BootloaderFactory.current.cpu_mitigations.value.to_s
+      else
+        disable
+      end
+    end
+
+    def store
+      return unless enabled?
+
+      Bootloader::BootloaderFactory.current.cpu_mitigations =
+        ::Bootloader::CpuMitigations.new(value.to_sym)
+    end
+  end
+
+  # represents kernel command line
+  class KernelAppendWidget < CWM::InputField
+    def initialize
+      textdomain "bootloader"
+
+      super
+    end
+
+    def label
+      _("O&ptional Kernel Command Line Parameter")
+    end
+
+    def help
+      _(
+        "<p><b>Optional Kernel Command Line Parameter</b> lets you define " \
+        "additional parameters to pass to the kernel.</p>"
+      )
+    end
+
+    def init
+      current_bl = ::Bootloader::BootloaderFactory.current
+      case current_bl
+      when ::Bootloader::SystemdBoot
+        self.value = current_bl.kernel_params.serialize.gsub(/mitigations=\S+/, "")
+      when ::Bootloader::Grub2Base
+        self.value = current_bl.grub_default.kernel_params.serialize.gsub(/mitigations=\S+/, "")
+      else
+        disable
+      end
+    end
+
+    def store
+      return unless enabled?
+
+      current_bl = ::Bootloader::BootloaderFactory.current
+      case current_bl
+      when ::Bootloader::SystemdBoot
+        current_bl.kernel_params.replace(value)
+      when ::Bootloader::Grub2Base
+        current_bl.grub_default.kernel_params.replace(value)
+      else
+        log.error("Bootloader type #{current_bl} not found.")
+      end
+    end
+  end
 end
diff --git a/src/lib/bootloader/grub2_widgets.rb b/src/lib/bootloader/grub2_widgets.rb
@@ -122,66 +122,6 @@ def store
       end
     end
 
-    # Represents decision if smt is enabled
-    class CpuMitigationsWidget < CWM::ComboBox
-      include Grub2Helper
-
-      def initialize
-        textdomain "bootloader"
-
-        super
-      end
-
-      def label
-        _("CPU Mitigations")
-      end
-
-      def items
-        ::Bootloader::CpuMitigations::ALL.map do |m|
-          [m.value.to_s, m.to_human_string]
-        end
-      end
-
-      def help
-        _(
-          "<p><b>CPU Mitigations</b><br>\n" \
-          "The option selects which default settings should be used for CPU \n" \
-          "side channels mitigations. A highlevel description is on our Technical Information \n" \
-          "Document TID 7023836. Following options are available:<ul>\n" \
-          "<li><b>Auto</b>: This option enables all the mitigations needed for your CPU model. \n" \
-          "This setting can impact performance to some degree, depending on CPU model and \n" \
-          "workload. It provides all security mitigations, but it does not protect against \n" \
-          "cross-CPU thread attacks.</li>\n" \
-          "<li><b>Auto + No SMT</b>: This option enables all the above mitigations in \n" \
-          "\"Auto\", and also disables Simultaneous Multithreading to avoid \n" \
-          "side channel attacks across multiple CPU threads. This setting can \n" \
-          "further impact performance, depending on your \n" \
-          "workload. This setting provides the full set of available security mitigations.</li>\n" \
-          "<li><b>Off</b>: All CPU Mitigations are disabled. This setting has no performance \n" \
-          "impact, but side channel attacks against your CPU are possible, depending on CPU \n" \
-          "model.</li>\n" \
-          "<li><b>Manual</b>: This setting does not specify a mitigation level and leaves \n" \
-          "this to be the kernel default. The administrator can add other mitigations options \n" \
-          "in the <i>kernel command line</i> widget.\n" \
-          "All CPU mitigation specific options can be set manually.</li></ul></p>"
-        )
-      end
-
-      def init
-        if grub2.respond_to?(:cpu_mitigations)
-          self.value = grub2.cpu_mitigations.value.to_s
-        else
-          # do not crash when use no bootloader. This widget is also used in security dialog.
-          # (bsc#1184968)
-          disable
-        end
-      end
-
-      def store
-        grub2.cpu_mitigations = ::Bootloader::CpuMitigations.new(value.to_sym) if enabled?
-      end
-    end
-
     # Represents decision if generic MBR have to be installed on disk
     class GenericMBRWidget < CWM::CheckBox
       include Grub2Helper
@@ -268,36 +208,6 @@ def store
       end
     end
 
-    # represents kernel command line
-    class KernelAppendWidget < CWM::InputField
-      include Grub2Helper
-
-      def initialize
-        textdomain "bootloader"
-
-        super
-      end
-
-      def label
-        _("O&ptional Kernel Command Line Parameter")
-      end
-
-      def help
-        _(
-          "<p><b>Optional Kernel Command Line Parameter</b> lets you define " \
-          "additional parameters to pass to the kernel.</p>"
-        )
-      end
-
-      def init
-        self.value = grub_default.kernel_params.serialize.gsub(/mitigations=\S+/, "")
-      end
-
-      def store
-        grub_default.kernel_params.replace(value)
-      end
-    end
-
     # Represents Protective MBR action
     class PMBRWidget < CWM::ComboBox
       include Grub2Helper

diff --git a/src/lib/bootloader/grub2base.rb b/src/lib/bootloader/grub2base.rb
@@ -21,7 +21,6 @@
 Yast.import "BootStorage"
 Yast.import "HTML"
 Yast.import "Initrd"
-Yast.import "Kernel"
 Yast.import "Mode"
 Yast.import "Pkg"
 Yast.import "Product"
@@ -381,31 +380,13 @@ def propose_xen_hypervisor
       grub_default.xen_hypervisor_params.add_parameter("vga", "gfx-1024x768x16", placer)
     end
 
-    def propose_resume
-      swap_parts = Yast::BootStorage.available_swap_partitions
-      largest_swap_name, lagest_swap_size = (swap_parts.max_by { |_part, size| size } || [])
-
-      propose = Yast::Kernel.propose_hibernation? && largest_swap_name
-
-      return "" unless propose
-
-      if lagest_swap_size < Yast::BootStorage.ram_size
-        log.info "resume parameter is not added because swap (#{largest_swap_name}) is too small"
-
-        return ""
-      end
-
-      # try to use label or udev id for device name... FATE #302219
-      UdevMapping.to_mountby_device(largest_swap_name)
-    end
-
     def propose_encrypted
       grub_default.cryptodisk.value = !!Yast::BootStorage.encrypted_boot?
     end
 
     def propose_grub_default
       if grub_default.kernel_params.empty?
-        kernel_line = Yast::BootArch.DefaultKernelParams(propose_resume)
+        kernel_line = Yast::BootArch.DefaultKernelParams(Yast::BootStorage.propose_resume)
         grub_default.kernel_params.replace(kernel_line)
       end
       grub_default.gfxmode ||= "auto"