Script to generate kernel parameters doesn't consider boot config #504

arnaldo2792 opened this issue Feb 7, 2025 · 0 comments
arnaldo2792 commented Feb 7, 2025

What's the problem

The script that is used to generate the kernel parameters table doesn't consider boot configs. This results in the wrong kernel parameters for the FIPS variants, as they should have listed fips=1.

See release.spec

Potential solution

This is going to be tricky to automate since the boot config could change depending on the variant. The script could iterate through all the variants, fetch the .img.lz4 files from the TUF repository, mount them and inspect the private partition for bootconfig.data. If the file exists, read it and include the contents in the table. An example of the contents is as follows:

[root@admin]# cat /.bottlerocket/rootfs/var/lib/bottlerocket/bootconfig.data
kernel.initcall_blacklist = "vmd_drv_init", "megasas_init", "mpt3sas_init", "pqi_init"
kernel.fips = "1"
kernel.module_blacklist = "i8042"
init.systemd.unit = "fipscheck.target"
{=#BOOTCONFIG

The problem is the offset that has to be specified to mount the file, as it could change depending on the variant being built. To figure out the offset, one can use sfdisk and grep for BOTTLEROCKET-PRIVATE:

$ sfdisk bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img --list -o +Name
Disk bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img: 2 GiB, 2147483648 bytes, 4194304 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: F394D8C0-276E-44F6-8526-D2ED5BF62CFA

Device                                             Start     End Sectors  Size Type       Name
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img1     2048   10239    8192    4M BIOS boot  BIOS-BOOT
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img2    10240   20479   10240    5M EFI System EFI-SYSTEM
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img3    20480  102399   81920   40M unknown    BOTTLEROCKET-BOOT-A
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img4   102400 1986559 1884160  920M unknown    BOTTLEROCKET-ROOT-A
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img5  1986560 2007039   20480   10M unknown    BOTTLEROCKET-HASH-A
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img6  2007040 2058239   51200   25M unknown    BOTTLEROCKET-RESERVED-A
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img7  2058240 2068479   10240    5M unknown    EFI-BACKUP
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img8  2068480 2150399   81920   40M unknown    BOTTLEROCKET-BOOT-B
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img9  2150400 4034559 1884160  920M unknown    BOTTLEROCKET-ROOT-B
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img10 4034560 4055039   20480   10M unknown    BOTTLEROCKET-HASH-B
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img11 4055040 4106239   51200   25M unknown    BOTTLEROCKET-RESERVED-B
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img12 4106240 4190207   83968   41M unknown    BOTTLEROCKET-PRIVATE
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img13 4190208 4192255    2048    1M unknown

In this disk, the data partition was bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img12

Expected values for the FIPS variant:

console=tty0
console=ttyS0,115200n8
net.ifnames=0
netdog.default-interface=eth0:dhcp4,dhcp6?
quiet
kernel.fips = 1
init.systemd.unit = fipscheck.target
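The two mechanical steps in the proposal above (find the byte offset of BOTTLEROCKET-PRIVATE from the sfdisk listing, then turn bootconfig.data into table rows) as an added example. This is not Bottlerocket's generation script and not code from the issue author; the function names, regexes and the trimmed sample listing are mine. The sample bootconfig.data blob is constructed from the contents shown in the issue, with the trailer laid out the way the kernel's bootconfig format documents it (u32 little-endian size, u32 checksum that is the byte sum of the data, then the magic `#BOOTCONFIG\n`), which is what the `{=#BOOTCONFIG` residue at the end of the `cat` output is. Checking that trailer catches a truncated or partially-written file before its values land in the table.

```python
"""Locate the private partition and extract bootconfig key/value rows.

Added example, not Bottlerocket's own tooling. Pure functions only, so the
offset lookup and bootconfig parsing can be tested without mounting anything;
the actual `mount -o ro,offset=...` step needs root and a real image.
"""
import re
import struct

# Constructed sample: a subset of the `sfdisk --list -o +Name` rows from the issue.
SFDISK_LISTING = """\
Disk bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img: 2 GiB, 2147483648 bytes, 4194304 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
Disklabel type: gpt

Device                                             Start     End Sectors  Size Type       Name
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img1     2048   10239    8192    4M BIOS boot  BIOS-BOOT
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img2    10240   20479   10240    5M EFI System EFI-SYSTEM
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img12 4106240 4190207   83968   41M unknown    BOTTLEROCKET-PRIVATE
bottlerocket-aws-ecs-2-fips-x86_64-v1.27.0.img13 4190208 4192255    2048    1M unknown
"""

# device start end sectors size <type [name]>; the type may contain spaces ("BIOS boot").
ROW_RE = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.+)$")


def sector_size(listing):
    """Sector size from the 'Units:' line; 512 if the line is missing."""
    m = re.search(r"^Units: sectors of \d+ \* (\d+) = ", listing, re.M)
    return int(m.group(1)) if m else 512


def partition_offset(listing, name):
    """Byte offset of the partition whose GPT name is `name` (for mount -o offset=N)."""
    for line in listing.splitlines():
        m = ROW_RE.match(line)
        # The name is the last token of the trailing "Type Name" field, if present.
        if m and m.group(6).split()[-1] == name:
            return int(m.group(2)) * sector_size(listing)
    raise LookupError(f"no partition named {name!r}")


BOOTCONFIG_MAGIC = b"#BOOTCONFIG\n"


def bootconfig_text(blob):
    """Return the text part of a bootconfig.data blob, verifying its trailer.

    Layout (kernel bootconfig format): data, NUL padding, u32 LE size, u32 LE
    checksum (sum of the data bytes), then the 12-byte magic. A blob with no
    magic is treated as plain text.
    """
    idx = blob.rfind(BOOTCONFIG_MAGIC)
    if idx < 0:
        return blob.decode()
    if idx < 8:
        raise ValueError("truncated bootconfig trailer")
    size, csum = struct.unpack("<II", blob[idx - 8:idx])
    start = idx - 8 - size
    if start < 0:
        raise ValueError("bootconfig size field exceeds blob length")
    data = blob[start:idx - 8]
    if sum(data) & 0xFFFFFFFF != csum:
        raise ValueError("bootconfig checksum mismatch")
    return data.rstrip(b"\0").decode()


# key = "v1", "v2"   (also accepts += and := assignment operators)
LINE_RE = re.compile(r"^([\w.\-]+)\s*(?:\+|:)?=\s*(.*)$")


def parse_bootconfig(text):
    """Flat bootconfig lines to {key: [values]}; nested `key { }` blocks are not handled."""
    config = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unsupported bootconfig line: {raw!r}")
        key, value = m.group(1), m.group(2)
        quoted = re.findall(r'"([^"]*)"', value)
        config[key] = quoted or [v.strip() for v in value.split(",")]
    return config


def table_rows(config):
    """Rows in the shape the kernel parameters table uses: key = v1, v2."""
    return [f"{key} = {', '.join(values)}" for key, values in config.items()]


# Constructed sample: the bootconfig.data contents quoted in the issue.
SAMPLE_TEXT = (
    'kernel.initcall_blacklist = "vmd_drv_init", "megasas_init", "mpt3sas_init", "pqi_init"\n'
    'kernel.fips = "1"\n'
    'kernel.module_blacklist = "i8042"\n'
    'init.systemd.unit = "fipscheck.target"\n'
)


def build_bootconfig_blob(text):
    """Append the size/checksum/magic trailer so the sample looks like the real file."""
    data = text.encode()
    return data + struct.pack("<II", len(data), sum(data) & 0xFFFFFFFF) + BOOTCONFIG_MAGIC


SAMPLE_BLOB = build_bootconfig_blob(SAMPLE_TEXT)

if __name__ == "__main__":
    offset = partition_offset(SFDISK_LISTING, "BOTTLEROCKET-PRIVATE")
    print(f"mount -o ro,offset={offset} <image> <mountpoint>   # BOTTLEROCKET-PRIVATE")
    for row in table_rows(parse_bootconfig(bootconfig_text(SAMPLE_BLOB))):
        print(row)
```

Running a variant through this would give the offset to pass to `mount -o offset=` (4106240 sectors times 512 bytes for the image above) and the four `key = value` rows, of which `kernel.fips = 1` and `init.systemd.unit = fipscheck.target` are the two missing from the FIPS table.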