initramfs-init: disable emergency shell with norecovery_shell

Sertonix requested to merge sertonix/mkinitfs:panic into master

An emergency shell could be used to easily extract TPM secrets from a secure boot setup. So it needs to be disabled for such setups.

There is no standard way to disable emergency shells in initramfs. initramfs-tools used by Debian disables the emergency shells when the panic= parameter is set to 0. With dracut the emergency shell can be disabled with rd.shell=0 [1]. mkinitcpio and booster don't have such an option.

Ref: #25 (comment 381427)
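
A boot-configuration check built on the parameters named in the description above, added here as an example and not part of the merge request or of any of these projects: it reports whether a kernel command line carries the setting that disables the emergency shell for a given initramfs generator. The function name `shell_disabled` is hypothetical, and the code assumes that `norecovery_shell` is a bare flag and that the last occurrence of a repeated `key=value` parameter wins.

```sh
#!/bin/sh
# Added example. Checks only the parameters named in the description above.
#
# shell_disabled GENERATOR CMDLINE
#   returns 0  emergency shell disabled by the command line
#           1  not disabled
#           2  generator unknown or without such an option
shell_disabled() {
    case $1 in
        mkinitfs)        sd_key=norecovery_shell; sd_val= ;;   # assumed bare flag
        initramfs-tools) sd_key=panic;            sd_val=0 ;;
        dracut)          sd_key=rd.shell;         sd_val=0 ;;
        *)               return 2 ;;              # e.g. mkinitcpio, booster
    esac
    sd_found=1
    set -f                       # no globbing while splitting on whitespace
    for sd_tok in $2; do
        case $sd_tok in
            "$sd_key")
                # Whole-token match, so "xnorecovery_shell" does not count.
                if [ -z "$sd_val" ]; then sd_found=0; fi ;;
            "$sd_key="*)
                # Assumption: a later key=value overrides an earlier one.
                if [ -n "$sd_val" ]; then
                    if [ "${sd_tok#*=}" = "$sd_val" ]; then
                        sd_found=0
                    else
                        sd_found=1
                    fi
                fi ;;
        esac
    done
    set +f
    return $sd_found
}

# Usage on a running system:
#   shell_disabled mkinitfs "$(cat /proc/cmdline)" || echo "emergency shell reachable"
```

The check covers the running command line only; the bootloader entries that produce it still need to be protected from edits at boot, otherwise the parameter can simply be removed.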