dissect: don't honour NOAUTO flags when looking for ESP (#5224)

The flag is originally defined for "basic data partitions", but not for the
ESP. We reuse it for the various partitions defined by the Discoverable
Partitions Spec, but it isn't defined for the ESP, hence don't check for
it. Instead, do check for GPT_FLAG_NO_BLOCK_IO_PROTOCOL, as that flag
actually is defined for all partition types, and recommended to use by
the UEFI spec.

Fixes: #5218

diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 878cb00..c17486c 100644 (file)
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -347,9 +347,6 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
                         sd_id128_t type_id, id;
                         bool rw = true;
 
-                        if (pflags & GPT_FLAG_NO_AUTO)
-                                continue;
-
                         sid = blkid_partition_get_uuid(pp);
                         if (!sid)
                                 continue;
@@ -363,18 +360,37 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
                                 continue;
 
                         if (sd_id128_equal(type_id, GPT_HOME)) {
+
+                                if (pflags & GPT_FLAG_NO_AUTO)
+                                        continue;
+
                                 designator = PARTITION_HOME;
                                 rw = !(pflags & GPT_FLAG_READ_ONLY);
                         } else if (sd_id128_equal(type_id, GPT_SRV)) {
+
+                                if (pflags & GPT_FLAG_NO_AUTO)
+                                        continue;
+
                                 designator = PARTITION_SRV;
                                 rw = !(pflags & GPT_FLAG_READ_ONLY);
                         } else if (sd_id128_equal(type_id, GPT_ESP)) {
+
+                                /* Note that we don't check the GPT_FLAG_NO_AUTO flag for the ESP, as it is not defined
+                                 * there. We instead check the GPT_FLAG_NO_BLOCK_IO_PROTOCOL, as recommended by the
+                                 * UEFI spec (See "12.3.3 Number and Location of System Partitions"). */
+
+                                if (pflags & GPT_FLAG_NO_BLOCK_IO_PROTOCOL)
+                                        continue;
+
                                 designator = PARTITION_ESP;
                                 fstype = "vfat";
                         }
 #ifdef GPT_ROOT_NATIVE
                         else if (sd_id128_equal(type_id, GPT_ROOT_NATIVE)) {
 
+                                if (pflags & GPT_FLAG_NO_AUTO)
+                                        continue;
+
                                 /* If a root ID is specified, ignore everything but the root id */
                                 if (!sd_id128_is_null(root_uuid) && !sd_id128_equal(root_uuid, id))
                                         continue;
@@ -384,6 +400,9 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
                                 rw = !(pflags & GPT_FLAG_READ_ONLY);
                         } else if (sd_id128_equal(type_id, GPT_ROOT_NATIVE_VERITY)) {
 
+                                if (pflags & GPT_FLAG_NO_AUTO)
+                                        continue;
+
                                 m->can_verity = true;
 
                                 /* Ignore verity unless a root hash is specified */
@@ -399,6 +418,9 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
 #ifdef GPT_ROOT_SECONDARY
                         else if (sd_id128_equal(type_id, GPT_ROOT_SECONDARY)) {
 
+                                if (pflags & GPT_FLAG_NO_AUTO)
+                                        continue;
+
                                 /* If a root ID is specified, ignore everything but the root id */
                                 if (!sd_id128_is_null(root_uuid) && !sd_id128_equal(root_uuid, id))
                                         continue;
@@ -407,6 +429,10 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
                                 architecture = SECONDARY_ARCHITECTURE;
                                 rw = !(pflags & GPT_FLAG_READ_ONLY);
                         } else if (sd_id128_equal(type_id, GPT_ROOT_SECONDARY_VERITY)) {
+
+                                if (pflags & GPT_FLAG_NO_AUTO)
+                                        continue;
+
                                 m->can_verity = true;
 
                                 /* Ignore verity unless root has is specified */
@@ -420,10 +446,17 @@ int dissect_image(int fd, const void *root_hash, size_t root_hash_size, DissectI
                         }
 #endif
                         else if (sd_id128_equal(type_id, GPT_SWAP)) {
+
+                                if (pflags & GPT_FLAG_NO_AUTO)
+                                        continue;
+
                                 designator = PARTITION_SWAP;
                                 fstype = "swap";
                         } else if (sd_id128_equal(type_id, GPT_LINUX_GENERIC)) {
 
+                                if (pflags & GPT_FLAG_NO_AUTO)
+                                        continue;
+
                                 if (generic_node)
                                         multiple_generic = true;
                                 else {

diff --git a/src/shared/gpt.h b/src/shared/gpt.h
index 13d80d6..cc75200 100644 (file)
--- a/src/shared/gpt.h
+++ b/src/shared/gpt.h
@@ -71,6 +71,8 @@
 #  define GPT_ROOT_NATIVE_VERITY GPT_ROOT_ARM_VERITY
 #endif
 
+#define GPT_FLAG_NO_BLOCK_IO_PROTOCOL (1ULL << 1)
+
 /* Flags we recognize on the root, swap, home and srv partitions when
  * doing auto-discovery. These happen to be identical to what
  * Microsoft defines for its own Basic Data Partitions, but that's