Date: Mon, 20 Oct 2025 22:27:43 +0200
From: Lennart Poettering
To: Demi Marie Obenour
Subject: Re: [systemd-devel] With UEFI secure boot and dm-verity, how does one find the user data partition?
CC: Andrei Borzenkov, Feli Flitzberg, systemd development, Spectrum OS Development

On Mo, 20.10.25 15:45, Demi Marie Obenour (demiobenour@gmail.com) wrote:

> >> Unfortunately this isn't what is needed. Looks like UEFI variable
> >> storage is the best option.
> >
> > Partition UUID is (supposed to be) unique for every partition, so it
> > most certainly allows one to identify the device to which it belongs.
>
> I mixed up partition UUID and partition *type* UUID.
>
> What is the best way to use it? The most obvious one requires that
> whenever a block device appears, one checks if either:
>
> - This has the correct partition UUID, and a device with the same
>   diskseq and the correct partition type UUID has appeared.
> - This has the correct partition type UUID, and a device with the
>   same diskseq and the correct partition UUID has appeared.
>
> Is there a simpler option?

The {Loader,Stub}DevicePartUUID efi var is passed in from the
firmware, which has no concept of a diskseq, hence it's purely a uuid.

systemd v258 and newer make the ESP booted from available via
/dev/disk/by-designator/esp and XBOOTLDR as
/dev/disk/by-designator/xbootldr as symlinks.

Lennart

--
Lennart Poettering, Berlin
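
The lookup described in the message above, as an added example that is not part of the message or of systemd's own code: prefer the v258+ designator symlink, otherwise decode the EFI variable and resolve it through /dev/disk/by-partuuid. Assumptions of this example: the efivarfs file layout (4 attribute bytes followed by a UTF-16LE string), the Boot Loader Interface vendor GUID, the `root` parameter used for testing, and the constructed sample value.

```python
import os
import uuid

# Vendor GUID of the systemd Boot Loader Interface variables (assumption of
# this example; the message names only the variables, not the GUID).
LOADER_GUID = "4a67b082-0a4c-41cf-b6c7-440b29bb8c4f"
EFIVARS = "sys/firmware/efi/efivars"
DESIGNATOR_ESP = "dev/disk/by-designator/esp"  # systemd v258+, per the message
BY_PARTUUID = "dev/disk/by-partuuid"
# Constructed sample: attribute bytes, then a NUL-terminated UTF-16LE UUID.
SAMPLE_VAR = b"\x06\x00\x00\x00" + "1B2C3D4E-0000-4000-8000-AABBCCDDEEFF\0".encode("utf-16-le")


def decode_partuuid(blob: bytes) -> str:
    """Decode an efivarfs blob into a lower-case partition UUID string."""
    if len(blob) < 6 or (len(blob) - 4) % 2:
        raise ValueError("truncated or odd-length EFI variable")
    text = blob[4:].decode("utf-16-le").rstrip("\x00")
    # The value is joined into a path below, so accept a canonical UUID only.
    parsed = uuid.UUID(text)
    if str(parsed) != text.lower():
        raise ValueError("not a canonical UUID: %r" % text)
    return str(parsed)  # udev names by-partuuid links in lower case


def esp_device(root: str = "/") -> str:
    """Return the block device of the ESP the system was booted from."""
    designator = os.path.join(root, DESIGNATOR_ESP)
    if os.path.islink(designator):
        return os.path.realpath(designator)
    for name in ("LoaderDevicePartUUID", "StubDevicePartUUID"):
        var = os.path.join(root, EFIVARS, f"{name}-{LOADER_GUID}")
        try:
            with open(var, "rb") as f:
                partuuid = decode_partuuid(f.read())
        except FileNotFoundError:
            continue  # variable not set by this boot path, try the next one
        return os.path.realpath(os.path.join(root, BY_PARTUUID, partuuid))
    raise LookupError("no designator symlink and no boot loader EFI variable")


if __name__ == "__main__":
    print(decode_partuuid(SAMPLE_VAR))
```
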