Hi! I have come across an oddity in my efibootguard implementation, with EFI Boot Guard v0.13 from Debian Bookworm. I haven't tried this with the latest version.
We have two boot configurations and shipping with config1 disabled (e.g ustate set to FAILED). efibootguard boots from config0 and on first boot, I run `bg_setenv --confirm` which I am assuming should just set config0 to OK, but it seems to sets the ustate of all partitions to OK. To reproduce this, I have an initial environment with: bg_printenv[356]: ---------------------------- bg_printenv[356]: Config Partition #0 Values: bg_printenv[356]: in_progress: no bg_printenv[356]: revision: 2 bg_printenv[356]: kernel: C:BOOT0:linux.efi bg_printenv[356]: kernelargs: bg_printenv[356]: watchdog timeout: 30 seconds bg_printenv[356]: ustate: 0 (OK) bg_printenv[356]: user variables: bg_printenv[356]: ---------------------------- bg_printenv[356]: Config Partition #1 Values: bg_printenv[356]: in_progress: no bg_printenv[356]: revision: 1 bg_printenv[356]: kernel: bg_printenv[356]: kernelargs: bg_printenv[356]: watchdog timeout: 30 seconds bg_printenv[356]: ustate: 3 (FAILED) bg_printenv[356]: user variables: Running `bg_setenv --confirm` results in: bg_setenv[405]: Processing journal... bg_setenv[405]: Task = SET, key = ustate, type = 0, val = 0 bg_setenv[405]: Probing config file at /tmp/mnt-ydqsvs/BGENV.DAT. bg_setenv[405]: New environment data: bg_setenv[405]: --------------------- bg_setenv[405]: Values: bg_setenv[405]: in_progress: no bg_setenv[405]: revision: 2 bg_setenv[405]: kernel: C:BOOT0:linux.efi bg_setenv[405]: kernelargs: bg_setenv[405]: watchdog timeout: 30 seconds bg_setenv[405]: ustate: 0 (OK) bg_setenv[405]: user variables: bg_setenv[405]: Probing config file at /tmp/mnt-QXVipB/BGENV.DAT. bg_setenv[405]: Environment update was successful. and the environment ends up being: bg_printenv[472]: ---------------------------- bg_printenv[472]: Config Partition #0 Values: bg_printenv[472]: in_progress: no bg_printenv[472]: revision: 2 bg_printenv[472]: kernel: C:BOOT0:linux.efi bg_printenv[472]: kernelargs: bg_printenv[472]: watchdog timeout: 30 seconds bg_printenv[472]: ustate: 0 (OK) bg_printenv[472]: user variables: bg_printenv[472]: ---------------------------- bg_printenv[472]: Config Partition #1 Values: bg_printenv[472]: in_progress: no bg_printenv[472]: revision: 1 bg_printenv[472]: kernel: bg_printenv[472]: kernelargs: bg_printenv[472]: watchdog timeout: 30 seconds bg_printenv[472]: ustate: 0 (OK) bg_printenv[472]: user variables: I am wondering, if `bg_setenv --confirm` should set only the booted configuration to OK or if the case which I have here, where all configs are set to OK, even though one is FAILED ? Thanks! Christopher Obbard -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to efibootguard-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/89c64be7dd99bc243b556bc43b14826a71c617c9.camel%40collabora.com.
