From 74cb2db9f403dfe17cabc6dac48b0f49a84eb03f Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Sep 2020 17:32:34 +0200 Subject: [PATCH] dissect: always invalidate secondary arch partitions if we found primary arch Let's suppress the secondary arch data, since we never ever want to mount it if we found the primary arch. Previously we only suppressed in the Verity case, but there's little reason to entertain the idea of a secondary arch in non-Verity environments either, we are not going to use them, and should not do decryption or anything like that. --- src/shared/dissect-image.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 8bfbaba5ae..e7e05a5de6 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -793,7 +793,12 @@ int dissect_image( } } - if (!m->partitions[PARTITION_ROOT].found) { + if (m->partitions[PARTITION_ROOT].found) { + /* If we found the primary arch, then invalidate the secondary arch to avoid any ambiguities, + * since we never want to mount the secondary arch in this case. */ + m->partitions[PARTITION_ROOT_SECONDARY].found = false; + m->partitions[PARTITION_ROOT_SECONDARY_VERITY].found = false; + } else { /* No root partition found? Then let's see if ther's one for the secondary architecture. And if not * either, then check if there's a single generic one, and use that. */ @@ -848,12 +853,6 @@ int dissect_image( if (!m->partitions[PARTITION_ROOT_VERITY].found || !m->partitions[PARTITION_ROOT].found) return -EADDRNOTAVAIL; - /* If we found the primary root with the hash, then we definitely want to suppress any secondary root - * (which would be weird, after all the root hash should only be assigned to one pair of - * partitions... */ - m->partitions[PARTITION_ROOT_SECONDARY].found = false; - m->partitions[PARTITION_ROOT_SECONDARY_VERITY].found = false; - /* If we found a verity setup, then the root partition is necessarily read-only. */ m->partitions[PARTITION_ROOT].rw = false;