#1 2024-08-28 10:09:46

anicearchnewbie
Member
Registered: 2023-05-04
Posts: 16

Boot Entry Vanishes from systemd-boot after adding boot parameters

I wanted to apply a few boot parameters recommended by this article, but the boot loader entry for the kernel that I wanted to apply these parameters to, which is linux-hardened, vanishes after I apply these parameters. I tried undoing the parameters and rebooting, and when I do that, it is visible again, and I can boot with that kernel. Is there a way to know which boot parameter is causing the issue (other than just manually rebooting 50 times to check which parameter is blocking the boot process)? Here is the loader entry for reference; the line with the boot parameters is commented out so that I can boot properly:

# Created by: archinstall
# Created on: 2024-08-21_11-05-21
title   Arch Linux (linux-hardened)
linux   /vmlinuz-linux-hardened  
#linux   /vmlinuz-linux-hardened slab_nomerge selinux=1 security=selinux init_on_alloc=1 init_on_free=1 page_alloc.shuffle=1 pti=on randomize_kstack_offset=on vsyscall=none debugfs=off oops=panic module.sig_enforce=1 lockdown=confidentiality quiet loglevel=0 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force  
initrd  /initramfs-linux-hardened.img
options cryptdevice=PARTUUID=f9f8782e-7yc9-4a4b-81ce-0926fi9a902c:root root=/dev/mapper/root zswap.enabled=0 rootflags=subvol=@ rw rootfstype=btrfs

Last edited by anicearchnewbie (2024-08-28 10:18:43)


#2 2024-08-28 18:43:11

Head_on_a_Stick
Member
From: Belsize Park
Registered: 2014-02-20
Posts: 8,193

Re: Boot Entry Vanishes from systemd-boot after adding boot parameters

I think there's a 255 character limit on kernel parameters. You have 371.

EDIT: and more importantly, the parameters need to go on the "options" line, not the "linux" line. Can't believe I missed that.

Last edited by Head_on_a_Stick (2024-08-28 19:08:50)


godisnowhere


#3 2024-08-29 03:15:36

anicearchnewbie
Member
Registered: 2023-05-04
Posts: 16

Re: Boot Entry Vanishes from systemd-boot after adding boot parameters

Head_on_a_Stick wrote:

I think there's a 255 character limit on kernel parameters. You have 371.

EDIT: and more importantly, the parameters need to go on the "options" line, not the "linux" line. Can't believe I missed that.

Damn, didn't know that, thanks. Even if I put the parameters in the options line, is there any way I can cross the 255 character limit?


#4 2024-08-29 11:40:12

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 22,844

Re: Boot Entry Vanishes from systemd-boot after adding boot parameters

Pretty sure the limit is not that small, 2048 is likely closer on x86_64 ... https://github.com/torvalds/linux/blob/ … setup.h#L7

More importantly, don't throw random parameters against the wall just because random blogpost randomly recommends them. The vast majority of these are already default on a hardened kernel; enabling selinux while not having selinux set up will also generally break things.

If you want to work at that level of granularity you need a much better understanding of what each option does, which of them are already enabled on a hardened kernel anyway (read and understand the config: https://gitlab.archlinux.org/archlinux/ … type=heads -- all the spectre and page alloc shuffle stuff is already default anyway, for example) and what their actual relevance to your system is going to be. While that doesn't really explain why the boot entry would disappear, chances that the resulting config will actually boot properly are quite slim.

Last edited by V1del (2024-08-29 11:47:16)


#5 2024-08-29 17:14:38

Head_on_a_Stick
Member
From: Belsize Park
Registered: 2014-02-20
Posts: 8,193

Re: Boot Entry Vanishes from systemd-boot after adding boot parameters

V1del wrote:

2048 is likely closer on x86_64

Thanks for the correction, and apologies to the OP.

V1del wrote:

While that doesn't really explain why the boot entry would disappear

The boot entry failed to appear because the new parameters were added to the "linux" line rather than the "options" line, thus rendering the entry non-viable.

@OP: some of the parameters can be applied via sysctl.conf(5), if that helps at all.

Or just use OpenBSD instead if you're that worried about security. It's far from perfect but probably better than Linux. The codebase is much smaller, the OS is regularly audited for security issues, and the developers actually care about security issues.


godisnowhere
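
An added example, not part of any post in this thread: a small Python check for the two issues discussed above, boot parameters placed on the "linux" line instead of "options", and the combined "options" length measured against the 2048 figure quoted in post #4. The function name `lint_entry`, the sample entries and the `<partuuid>` placeholder are constructed for illustration, and the single-path check is a whitespace heuristic.

```python
"""Lint a systemd-boot loader entry (added example, not from the thread)."""

CMDLINE_LIMIT = 2048  # x86_64 figure quoted in post #4; assumed here
PATH_KEYS = {"linux", "initrd", "efi", "devicetree"}  # keys whose value is a path


def lint_entry(text, limit=CMDLINE_LIMIT):
    """Return (findings, cmdline) for the text of one loader entry file."""
    findings, options = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out lines are ignored
        parts = line.split(None, 1)
        key = parts[0]
        value = parts[1] if len(parts) == 2 else ""
        # Heuristic: anything after the first token of a path key is suspect.
        if key in PATH_KEYS and len(value.split()) > 1:
            findings.append(f"line {lineno}: '{key}' expects a single path; "
                            "move the extra tokens to an 'options' line")
        elif key == "options":
            options.append(value)
    cmdline = " ".join(options)  # repeated 'options' lines are concatenated
    if len(cmdline) > limit:
        findings.append(f"options: {len(cmdline)} characters exceeds {limit}")
    return findings, cmdline


# Constructed samples: PARTUUID is a placeholder, parameters are a subset of the OP's.
BROKEN = """\
title   Arch Linux (linux-hardened)
linux   /vmlinuz-linux-hardened slab_nomerge init_on_alloc=1 init_on_free=1
initrd  /initramfs-linux-hardened.img
options cryptdevice=PARTUUID=<partuuid>:root root=/dev/mapper/root rw
"""
FIXED = """\
title   Arch Linux (linux-hardened)
linux   /vmlinuz-linux-hardened
initrd  /initramfs-linux-hardened.img
options cryptdevice=PARTUUID=<partuuid>:root root=/dev/mapper/root rw
options slab_nomerge init_on_alloc=1 init_on_free=1
"""

if __name__ == "__main__":
    for name, entry in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        findings, cmdline = lint_entry(entry)
        print(name, findings or "ok", f"({len(cmdline)} chars)")
```

Running it against a real entry under the ESP's loader/entries directory before rebooting catches a misplaced parameter without a boot cycle.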
