From 92a0761d553c207012ad17c9d55ec58ddabd9bba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Thu, 5 Feb 2026 11:09:59 +0100 Subject: [PATCH 01/26] core/exec-invoke: add missing char in comment --- src/core/exec-invoke.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 315ef410315b4..b588eb232e371 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -2089,7 +2089,7 @@ static int build_environment( /* If this is D-Bus, tell the nss-systemd module, since it relies on being able to use blocking * Varlink calls back to us for look up dynamic users in PID 1. Break the deadlock between D-Bus and - * PID 1 by disabling use of PID1' NSS interface for looking up dynamic users. */ + * PID 1 by disabling use of PID1's NSS interface for looking up dynamic users. */ if (p->flags & EXEC_NSS_DYNAMIC_BYPASS) { r = strv_extend_with_size(&e, &n, "SYSTEMD_NSS_DYNAMIC_BYPASS=1"); if (r < 0) @@ -2097,8 +2097,8 @@ static int build_environment( } /* We query "root" if this is a system unit and User= is not specified. $USER is always set. $HOME - * could cause problem for e.g. getty, since login doesn't override $HOME, and $LOGNAME and $SHELL don't - * really make much sense since we're not logged in. Hence we conditionalize the three based on + * could cause problem for e.g. getty, since login doesn't override $HOME, and $LOGNAME and $SHELL + * don't really make much sense since we're not logged in. Hence we conditionalize the three based on * SetLoginEnvironment= switch. */ if (!username && !c->dynamic_user && p->runtime_scope == RUNTIME_SCOPE_SYSTEM) { assert(!c->user); From 457bd2345c35627b1eca036b95029f50b2042142 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Tue, 24 Feb 2026 23:01:12 +0100 Subject: [PATCH 02/26] core/execute: do not suppress ExecSharedRuntime if userns path is specified Follow-up for 79dd24cf14adc809620479d45a7b469cf3e82892 --- src/core/execute.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/execute.c b/src/core/execute.c index 6a7fc65f2027a..50865a2a065a1 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -2437,7 +2437,8 @@ static int exec_shared_runtime_make( assert(id); /* It is not necessary to create ExecSharedRuntime object. */ - if (!exec_needs_network_namespace(c) && !exec_needs_ipc_namespace(c) && c->private_tmp != PRIVATE_TMP_CONNECTED) { + if (!c->user_namespace_path && !exec_needs_network_namespace(c) && !exec_needs_ipc_namespace(c) && + c->private_tmp != PRIVATE_TMP_CONNECTED) { *ret = NULL; return 0; } From 2e71d0a2bdcae7b7767041c1de4d5672fb347813 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Tue, 24 Feb 2026 23:33:24 +0100 Subject: [PATCH 03/26] core/unit: refuse UserNamespacePath= + PrivateUsers= Such setup makes zero sense, as if we unshare userns ourselves we'd immediately lose CAP_SYS_ADMIN over the userns specified. --- src/core/unit.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/core/unit.c b/src/core/unit.c index 1995bb7f8eb05..5d3282e12163f 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -4329,14 +4329,17 @@ static int unit_verify_contexts(const Unit *u) { if (exec_needs_pid_namespace(ec, /* params= */ NULL) && !UNIT_VTABLE(u)->notify_pidref) return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "PrivatePIDs= setting is only supported for service units. Refusing."); + if ((ec->user || ec->dynamic_user || ec->group || ec->pam_name) && ec->private_users == PRIVATE_USERS_MANAGED) + return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "PrivateUsers=managed may not be used in combination with User=/DynamicUser=/Group=/PAMName=, refusing."); + + if (ec->user_namespace_path && ec->private_users != PRIVATE_USERS_NO) + return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "PrivateUsers= may not be used with custom UserNamespacePath=, refusing."); + const KillContext *kc = unit_get_kill_context(u); if (ec->pam_name && kc && !IN_SET(kc->kill_mode, KILL_CONTROL_GROUP, KILL_MIXED)) return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "Unit has PAM enabled. Kill mode must be set to 'control-group' or 'mixed'. Refusing."); - if ((ec->user || ec->dynamic_user || ec->group || ec->pam_name) && ec->private_users == PRIVATE_USERS_MANAGED) - return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "PrivateUsers=managed may not be used in combination with User=/DynamicUser=/Group=/PAMName=, refusing."); - return 0; } From a45fb074fedb488f5d16a0a3a50bd0e866453756 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Wed, 25 Feb 2026 09:26:44 +0100 Subject: [PATCH 04/26] core/namespace: rename() might return ENOTEMPTY if target dir exists --- src/core/namespace.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index d363ac0973aac..aa80570885e15 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -3338,6 +3338,8 @@ static int make_tmp_prefix(const char *prefix) { _cleanup_close_ int fd = -EBADF; int r; + assert(prefix); + /* Don't do anything unless we know the dir is actually missing */ r = access(prefix, F_OK); if (r >= 0) @@ -3369,7 +3371,7 @@ static int make_tmp_prefix(const char *prefix) { r = RET_NERRNO(rename(t, prefix)); if (r < 0) { (void) rmdir(t); - return r == -EEXIST ? 0 : r; /* it's fine if someone else created the dir by now */ + return IN_SET(r, -EEXIST, -ENOTEMPTY) ? 0 : r; /* it's fine if someone else created the dir by now */ } return 0; From e438e5923d60440b643560799e41ea3092ae5cbe Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Wed, 25 Feb 2026 09:23:50 +0100 Subject: [PATCH 05/26] core/namespace: two fixes for namespace_cleanup_tmpdir() * Make sure we're not passing NULL to rmdir() * Remove the inner "tmp" subdir as well, so that callers can handle this transparently (e.g. exec_shared_runtime_make() is not aware of the nested rmdir() requirements) While at it, remove unneeded PROTECT_ERRNO. --- src/core/namespace.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index aa80570885e15..b97eabd51bf5a 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -3333,6 +3333,23 @@ int temporary_filesystem_add( return 0; } +char* namespace_cleanup_tmpdir(char *p) { + if (!p) + return NULL; + + if (!streq(p, RUN_SYSTEMD_EMPTY)) { + _cleanup_free_ char *child = path_join(p, "tmp"); + if (!child) + log_oom_debug(); + else + (void) rmdir(child); + + (void) rmdir(p); + } + + return mfree(p); +} + static int make_tmp_prefix(const char *prefix) { _cleanup_free_ char *t = NULL; _cleanup_close_ int fd = -EBADF; @@ -3444,13 +3461,6 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch return 0; } -char* namespace_cleanup_tmpdir(char *p) { - PROTECT_ERRNO; - if (!streq_ptr(p, RUN_SYSTEMD_EMPTY)) - (void) rmdir(p); - return mfree(p); -} - int setup_tmp_dirs(const char *id, char **tmp_dir, char **var_tmp_dir) { _cleanup_(namespace_cleanup_tmpdirp) char *a = NULL; _cleanup_(rmdir_and_freep) char *a_tmp = NULL; From 0d10a125f6047016a63003a9607243da81838c74 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Tue, 24 Feb 2026 23:08:40 +0100 Subject: [PATCH 06/26] core/execute: make exec_shared_runtime_make() handle distinct PrivateTmp= modes properly --- src/core/execute.c | 19 ++++++++---- src/core/namespace.c | 65 +++++++++++++-------------------------- src/core/namespace.h | 5 +-- src/test/test-namespace.c | 3 +- 4 files changed, 38 insertions(+), 54 deletions(-) diff --git a/src/core/execute.c b/src/core/execute.c index 50865a2a065a1..439f4b7b4149e 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -2394,7 +2394,6 @@ static int exec_shared_runtime_add( if (r < 0) return r; - assert(!!rt->tmp_dir == !!rt->var_tmp_dir); /* We require both to be set together */ rt->tmp_dir = TAKE_PTR(*tmp_dir); rt->var_tmp_dir = TAKE_PTR(*var_tmp_dir); @@ -2438,16 +2437,24 @@ static int exec_shared_runtime_make( /* It is not necessary to create ExecSharedRuntime object. */ if (!c->user_namespace_path && !exec_needs_network_namespace(c) && !exec_needs_ipc_namespace(c) && - c->private_tmp != PRIVATE_TMP_CONNECTED) { + c->private_tmp != PRIVATE_TMP_CONNECTED && c->private_var_tmp != PRIVATE_TMP_CONNECTED) { *ret = NULL; return 0; } if (c->private_tmp == PRIVATE_TMP_CONNECTED && - !(prefixed_path_strv_contains(c->inaccessible_paths, "/tmp") && - (prefixed_path_strv_contains(c->inaccessible_paths, "/var/tmp") || - prefixed_path_strv_contains(c->inaccessible_paths, "/var")))) { - r = setup_tmp_dirs(id, &tmp_dir, &var_tmp_dir); + !prefixed_path_strv_contains(c->inaccessible_paths, "/tmp")) { + + r = setup_tmp_dir_one(id, "/tmp", &tmp_dir); + if (r < 0) + return r; + } + + if (c->private_var_tmp == PRIVATE_TMP_CONNECTED && + !prefixed_path_strv_contains(c->inaccessible_paths, "/var/tmp") && + !prefixed_path_strv_contains(c->inaccessible_paths, "/var")) { + + r = setup_tmp_dir_one(id, "/var/tmp", &var_tmp_dir); if (r < 0) return r; } diff --git a/src/core/namespace.c b/src/core/namespace.c index b97eabd51bf5a..f899fa241c0ce 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -3394,16 +3394,15 @@ static int make_tmp_prefix(const char *prefix) { return 0; } -static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, char **tmp_path) { - _cleanup_free_ char *x = NULL; - _cleanup_free_ char *y = NULL; +int setup_tmp_dir_one(const char *id, const char *prefix, char **ret_path) { + _cleanup_free_ char *d = NULL; sd_id128_t boot_id; bool rw = true; int r; assert(id); assert(prefix); - assert(path); + assert(ret_path); /* We include the boot id in the directory so that after a * reboot we can easily identify obsolete directories. */ @@ -3412,8 +3411,8 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch if (r < 0) return r; - x = strjoin(prefix, "/systemd-private-", SD_ID128_TO_STRING(boot_id), "-", id, "-XXXXXX"); - if (!x) + d = strjoin(prefix, "/systemd-private-", SD_ID128_TO_STRING(boot_id), "-", id, "-XXXXXX"); + if (!d) return -ENOMEM; r = make_tmp_prefix(prefix); @@ -3421,7 +3420,7 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch return r; WITH_UMASK(0077) - if (!mkdtemp(x)) { + if (!mkdtemp(d)) { if (errno == EROFS || ERRNO_IS_DISK_SPACE(errno)) rw = false; else @@ -3429,20 +3428,25 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch } if (rw) { - y = strjoin(x, "/tmp"); - if (!y) + _cleanup_free_ char *inner_dir = path_join(d, "tmp"); + if (!inner_dir) { + (void) rmdir(d); return -ENOMEM; + } WITH_UMASK(0000) - if (mkdir(y, 0777 | S_ISVTX) < 0) - return -errno; - - r = label_fix_full(AT_FDCWD, y, prefix, 0); - if (r < 0) + r = RET_NERRNO(mkdir(inner_dir, 0777 | S_ISVTX)); + if (r < 0) { + (void) rmdir(d); return r; + } - if (tmp_path) - *tmp_path = TAKE_PTR(y); + r = label_fix_full(AT_FDCWD, inner_dir, prefix, 0); + if (r < 0) { + (void) rmdir(inner_dir); + (void) rmdir(d); + return r; + } } else { /* Trouble: we failed to create the directory. Instead of failing, let's simulate /tmp being * read-only. This way the service will get the EROFS result as if it was writing to the real @@ -3452,37 +3456,12 @@ static int setup_one_tmp_dir(const char *id, const char *prefix, char **path, ch if (r < 0) return r; - r = free_and_strdup(&x, RUN_SYSTEMD_EMPTY); + r = free_and_strdup(&d, RUN_SYSTEMD_EMPTY); if (r < 0) return r; } - *path = TAKE_PTR(x); - return 0; -} - -int setup_tmp_dirs(const char *id, char **tmp_dir, char **var_tmp_dir) { - _cleanup_(namespace_cleanup_tmpdirp) char *a = NULL; - _cleanup_(rmdir_and_freep) char *a_tmp = NULL; - char *b; - int r; - - assert(id); - assert(tmp_dir); - assert(var_tmp_dir); - - r = setup_one_tmp_dir(id, "/tmp", &a, &a_tmp); - if (r < 0) - return r; - - r = setup_one_tmp_dir(id, "/var/tmp", &b, NULL); - if (r < 0) - return r; - - a_tmp = mfree(a_tmp); /* avoid rmdir */ - *tmp_dir = TAKE_PTR(a); - *var_tmp_dir = TAKE_PTR(b); - + *ret_path = TAKE_PTR(d); return 0; } diff --git a/src/core/namespace.h b/src/core/namespace.h index 318836651cd8a..f5d792dd77144 100644 --- a/src/core/namespace.h +++ b/src/core/namespace.h @@ -232,10 +232,7 @@ int setup_namespace(const NamespaceParameters *p, char **reterr_path); char* namespace_cleanup_tmpdir(char *p); DEFINE_TRIVIAL_CLEANUP_FUNC(char*, namespace_cleanup_tmpdir); -int setup_tmp_dirs( - const char *id, - char **tmp_dir, - char **var_tmp_dir); +int setup_tmp_dir_one(const char *id, const char *prefix, char **ret_path); int setup_shareable_ns(int ns_storage_socket[static 2], unsigned long nsflag); int open_shareable_ns_path(int netns_storage_socket[static 2], const char *path, unsigned long nsflag); diff --git a/src/test/test-namespace.c b/src/test/test-namespace.c index 5b67cd9f96e64..899f8f635103c 100644 --- a/src/test/test-namespace.c +++ b/src/test/test-namespace.c @@ -43,7 +43,8 @@ static void test_tmpdir_one(const char *id, const char *A, const char *B) { struct stat x, y; char *c, *d; - ASSERT_OK_ZERO(setup_tmp_dirs(id, &a, &b)); + ASSERT_OK(setup_tmp_dir_one(id, "/tmp", &a)); + ASSERT_OK(setup_tmp_dir_one(id, "/var/tmp", &b)); ASSERT_OK_ERRNO(stat(a, &x)); ASSERT_OK_ERRNO(stat(b, &y)); From 9984a35d651f5b9851ad17c3a726dd2dc7eae2b5 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Tue, 24 Feb 2026 23:11:55 +0100 Subject: [PATCH 07/26] core/execute: stop looking at ExecSharedRuntime to determine PrivateTmp= state The only reason why ExecSharedRuntime.(var_)tmp_dir might be suppressed is when (/var)/tmp/ is listed in InaccessiblePaths=, in which case mount namespace is needed anyways. Moreover, the current logic imposes a chicken-and-egg problem: at various places in pid1 we'd need to check whether the unit runs in a mountns, but the ExecSharedRuntime may not be allocated for it just yet. --- src/core/exec-invoke.c | 4 ++-- src/core/execute.c | 13 ++----------- src/core/execute.h | 2 +- src/core/service.c | 2 +- src/core/unit.c | 2 +- 5 files changed, 7 insertions(+), 16 deletions(-) diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index b588eb232e371..10a7b550066ec 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -4833,7 +4833,7 @@ static int setup_delegated_namespaces( /* If PrivatePIDs= yes is configured, we're now running as pid 1 in a pid namespace! */ - if (exec_needs_mount_namespace(context, params, runtime) && + if (exec_needs_mount_namespace(context, params) && exec_namespace_is_delegated(context, params, have_cap_sys_admin, CLONE_NEWNS) == delegate) { _cleanup_free_ char *error_path = NULL; @@ -5829,7 +5829,7 @@ int exec_invoke( return log_error_errno(r, "Failed to connect to nsresourced: %m"); } - needs_mount_namespace = exec_needs_mount_namespace(context, params, runtime); + needs_mount_namespace = exec_needs_mount_namespace(context, params); for (ExecDirectoryType dt = 0; dt < _EXEC_DIRECTORY_TYPE_MAX; dt++) { r = setup_exec_directory(context, params, uid, gid, dt, needs_mount_namespace, exit_status); diff --git a/src/core/execute.c b/src/core/execute.c index 439f4b7b4149e..a2d148fde531a 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -256,11 +256,7 @@ bool exec_needs_pid_namespace(const ExecContext *context, const ExecParameters * return context->private_pids != PRIVATE_PIDS_NO && namespace_type_supported(NAMESPACE_PID); } -bool exec_needs_mount_namespace( - const ExecContext *context, - const ExecParameters *params, - const ExecRuntime *runtime) { - +bool exec_needs_mount_namespace(const ExecContext *context, const ExecParameters *params) { assert(context); if (context->root_image || @@ -295,13 +291,8 @@ bool exec_needs_mount_namespace( if (!IN_SET(context->mount_propagation_flag, 0, MS_SHARED)) return true; - if (context->private_tmp == PRIVATE_TMP_DISCONNECTED) - return true; - - if (context->private_tmp == PRIVATE_TMP_CONNECTED && runtime && runtime->shared && (runtime->shared->tmp_dir || runtime->shared->var_tmp_dir)) - return true; - if (context->private_devices || + context->private_tmp != PRIVATE_TMP_NO || /* no need to check for private_var_tmp here, private_tmp is never demoted to "no" */ context->private_mounts > 0 || (context->private_mounts < 0 && exec_needs_network_namespace(context)) || context->protect_system != PROTECT_SYSTEM_NO || diff --git a/src/core/execute.h b/src/core/execute.h index c5f3988371658..094b0a3a448d4 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -638,7 +638,7 @@ DECLARE_STRING_TABLE_LOOKUP(exec_resource_type, ExecDirectoryType); DECLARE_STRING_TABLE_LOOKUP(memory_thp, MemoryTHP); -bool exec_needs_mount_namespace(const ExecContext *context, const ExecParameters *params, const ExecRuntime *runtime); +bool exec_needs_mount_namespace(const ExecContext *context, const ExecParameters *params); bool exec_needs_network_namespace(const ExecContext *context); bool exec_needs_ipc_namespace(const ExecContext *context); bool exec_needs_pid_namespace(const ExecContext *context, const ExecParameters *params); diff --git a/src/core/service.c b/src/core/service.c index b9efd9bdb9cd7..51bba291e8fd4 100644 --- a/src/core/service.c +++ b/src/core/service.c @@ -5800,7 +5800,7 @@ static int service_can_live_mount(Unit *u, sd_bus_error *reterr_error) { Service *s = ASSERT_PTR(SERVICE(u)); /* Ensure that the unit runs in a private mount namespace */ - if (!exec_needs_mount_namespace(&s->exec_context, /* params= */ NULL, s->exec_runtime)) + if (!exec_needs_mount_namespace(&s->exec_context, /* params= */ NULL)) return sd_bus_error_setf( reterr_error, SD_BUS_ERROR_INVALID_ARGS, diff --git a/src/core/unit.c b/src/core/unit.c index 5d3282e12163f..bf4542c08074c 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -4323,7 +4323,7 @@ static int unit_verify_contexts(const Unit *u) { return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "WorkingDirectory=~ is not allowed under DynamicUser=yes. Refusing."); if (ec->working_directory && path_below_api_vfs(ec->working_directory) && - exec_needs_mount_namespace(ec, /* params= */ NULL, /* runtime= */ NULL)) + exec_needs_mount_namespace(ec, /* params= */ NULL)) return log_unit_error_errno(u, SYNTHETIC_ERRNO(ENOEXEC), "WorkingDirectory= may not be below /proc/, /sys/ or /dev/ when using mount namespacing. Refusing."); if (exec_needs_pid_namespace(ec, /* params= */ NULL) && !UNIT_VTABLE(u)->notify_pidref) From fa33eef344373ca5c8acd6c24270454f05672534 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Nov 2025 13:51:41 +0100 Subject: [PATCH 08/26] core: upgrade /tmp when PrivateTmp=yes/DefaultDeps=no to disconnected In https://github.com/systemd/systemd/issues/28515, multiple people report that services that have PrivateTmp=yes and DefaultDependencies=no fail to create the temporary directories under /tmp, when /tmp is e.g. a bind mount or some other kind of mount that takes more time. Before PrivateTmp=disconnected was added, we didn't have a nice solution: DefaultDependencies=no is used to start services very early, so we wouldn't want to add a dependency on /tmp automatically. With PrivateTmp=disconnected we have a fairly nice solution. Let's "upgrade" to this mode automatically. Strictly speaking, it is a small compat break, but in practice it's unlikely to matter for early-boot services whether their /tmp is private or disconnected. The dependency on /tmp that is checked is After. I think this is enough, since any tmp.mount would be pulled in by local-fs.target and the rest of the transaction anyway, so we don't need to check more than After. The asserts are relaxed, because now the two settings can now diverge in either way. Resolves https://github.com/systemd/systemd/issues/28515. [yhndnzj: fix unit_add_exec_dependencies() to handle the new combination; add a comment in exec_needs_sys_admin()] --- man/systemd.exec.xml | 11 ++++++-- src/core/exec-invoke.c | 12 ++++---- src/core/execute.h | 6 ++-- src/core/namespace.c | 4 +-- src/core/unit.c | 62 ++++++++++++++++++++++++++++++++++++------ 5 files changed, 72 insertions(+), 23 deletions(-) diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index c89adad66a4aa..3f06f564b33c8 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -63,10 +63,15 @@ Units with PrivateTmp=yes automatically gain dependencies of type Wants= and After= on all mounts required to access - /tmp/ and /var/tmp/. They will also gain an automatic + /tmp/ and /var/tmp/ and an automatic After= dependency on - systemd-tmpfiles-setup.service8. - + systemd-tmpfiles-setup.service8, + unless DefaultDependencies=no is specified. If + DefaultDependencies=no is specified, and a + RequiresMountsFor=/tmp/, WantsMountsFor=/tmp/, + After=tmp.mount, or RootDirectory=/RootImage= + are not specified, PrivateTmp=yes is converted to + PrivateTmp=disconnected. Units with PrivateTmp=disconnected automatically gain dependencies of type Wants= and After= on the mount required to access diff --git a/src/core/exec-invoke.c b/src/core/exec-invoke.c index 10a7b550066ec..25c12ece258fb 100644 --- a/src/core/exec-invoke.c +++ b/src/core/exec-invoke.c @@ -2248,10 +2248,8 @@ static int build_environment( } assert(c->private_var_tmp >= 0 && c->private_var_tmp < _PRIVATE_TMP_MAX); - if (needs_sandboxing && c->private_tmp != c->private_var_tmp) { - assert(c->private_tmp == PRIVATE_TMP_DISCONNECTED); - assert(c->private_var_tmp == PRIVATE_TMP_NO); - + if (needs_sandboxing && + c->private_var_tmp == PRIVATE_TMP_NO && c->private_tmp != PRIVATE_TMP_NO) { /* When private tmpfs is enabled only on /tmp/, then explicitly set $TMPDIR to suggest the * service to use /tmp/. */ @@ -3907,14 +3905,16 @@ static int apply_mount_namespace( if (needs_sandboxing) { /* The runtime struct only contains the parent of the private /tmp, which is non-accessible * to world users. Inside of it there's a /tmp that is sticky, and that's the one we want to - * use here. This does not apply when we are using /run/systemd/empty as fallback. */ + * use here. This does not apply when we are using /run/systemd/empty as fallback. */ if (context->private_tmp == PRIVATE_TMP_CONNECTED && runtime->shared) { if (streq_ptr(runtime->shared->tmp_dir, RUN_SYSTEMD_EMPTY)) tmp_dir = runtime->shared->tmp_dir; else if (runtime->shared->tmp_dir) tmp_dir = strjoina(runtime->shared->tmp_dir, "/tmp"); + } + if (context->private_var_tmp == PRIVATE_TMP_CONNECTED && runtime->shared) { if (streq_ptr(runtime->shared->var_tmp_dir, RUN_SYSTEMD_EMPTY)) var_tmp_dir = runtime->shared->var_tmp_dir; else if (runtime->shared->var_tmp_dir) @@ -4624,7 +4624,7 @@ static bool exec_needs_cap_sys_admin(const ExecContext *context, const ExecParam return false; return context->private_users != PRIVATE_USERS_NO || - context->private_tmp != PRIVATE_TMP_NO || + context->private_tmp != PRIVATE_TMP_NO || /* no need to check for private_var_tmp here, private_tmp is never demoted to "no" */ context->private_devices || context->private_network || context->user_namespace_path || diff --git a/src/core/execute.h b/src/core/execute.h index 094b0a3a448d4..3d5e92cccf0fe 100644 --- a/src/core/execute.h +++ b/src/core/execute.h @@ -333,9 +333,9 @@ typedef struct ExecContext { int bind_log_sockets; int memory_ksm; MemoryTHP memory_thp; - PrivateTmp private_tmp; - PrivateTmp private_var_tmp; /* This is not an independent parameter, but calculated from other - * parameters in unit_patch_contexts(). */ + PrivateTmp private_tmp; /* Those are not independent parameters, but are calculated from */ + PrivateTmp private_var_tmp; /* other parameters in unit_patch_contexts(). */ + bool private_network; bool private_devices; PrivateUsers private_users; diff --git a/src/core/namespace.c b/src/core/namespace.c index f899fa241c0ce..54504564aba99 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -756,8 +756,8 @@ static int append_private_tmp(MountList *ml, const NamespaceParameters *p) { assert(ml); assert(p); - assert(p->private_tmp == p->private_var_tmp || - (p->private_tmp == PRIVATE_TMP_DISCONNECTED && p->private_var_tmp == PRIVATE_TMP_NO)); + assert(p->private_tmp >= 0 && p->private_tmp < _PRIVATE_TMP_MAX); + assert(p->private_var_tmp >= 0 && p->private_var_tmp < _PRIVATE_TMP_MAX); if (p->tmp_dir) { assert(p->private_tmp == PRIVATE_TMP_CONNECTED); diff --git a/src/core/unit.c b/src/core/unit.c index bf4542c08074c..dc158fb335b84 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -1310,20 +1310,15 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { assert(c->private_var_tmp >= 0 && c->private_var_tmp < _PRIVATE_TMP_MAX); if (c->private_tmp == PRIVATE_TMP_CONNECTED) { - assert(c->private_var_tmp == PRIVATE_TMP_CONNECTED); - r = unit_add_mounts_for(u, "/tmp/", UNIT_DEPENDENCY_FILE, UNIT_MOUNT_WANTS); if (r < 0) return r; + } + if (c->private_var_tmp == PRIVATE_TMP_CONNECTED) { r = unit_add_mounts_for(u, "/var/tmp/", UNIT_DEPENDENCY_FILE, UNIT_MOUNT_WANTS); if (r < 0) return r; - - r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE); - if (r < 0) - return r; - } else if (c->private_var_tmp == PRIVATE_TMP_DISCONNECTED && !exec_context_with_rootfs(c)) { /* Even if PrivateTmp=disconnected, we still require /var/tmp/ mountpoint to be present, * i.e. /var/ needs to be mounted. See comments in unit_patch_contexts(). */ @@ -1332,6 +1327,12 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) { return r; } + if (c->private_tmp == PRIVATE_TMP_CONNECTED || c->private_var_tmp == PRIVATE_TMP_CONNECTED) { + r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, true, UNIT_DEPENDENCY_FILE); + if (r < 0) + return r; + } + if (c->root_image || c->root_mstack) { /* We need to wait for /dev/loopX to appear when doing RootImage=, hence let's add an * implicit dependency on udev. (And for RootMStack= we might need it) */ @@ -4349,8 +4350,8 @@ static PrivateTmp unit_get_private_var_tmp(const Unit *u, const ExecContext *c) assert(c->private_tmp >= 0 && c->private_tmp < _PRIVATE_TMP_MAX); /* Disable disconnected private tmpfs on /var/tmp/ when DefaultDependencies=no and - * RootImage=/RootDirectory= are not set, as /var/ may be a separated partition. - * See issue #37258. */ + * RootImage=/RootDirectory= are not set, as /var/ may be a separate partition. + * See https://github.com/systemd/systemd/issues/37258. */ /* PrivateTmp=yes/no also enables/disables private tmpfs on /var/tmp/. */ if (c->private_tmp != PRIVATE_TMP_DISCONNECTED) @@ -4388,6 +4389,42 @@ static PrivateTmp unit_get_private_var_tmp(const Unit *u, const ExecContext *c) return PRIVATE_TMP_NO; } +static PrivateTmp unit_get_private_tmp(const Unit *u, const ExecContext *c) { + assert(u); + assert(c); + assert(c->private_tmp >= 0 && c->private_tmp < _PRIVATE_TMP_MAX); + + /* Upgrade "PrivateTmp=yes" (a.k.a. 'connected') to 'disconnected' when + * DefaultDependencies=no and RootImage=/RootDirectory= are not set, as /tmp/ may be a + * separate partition. See https://github.com/systemd/systemd/issues/28515. + * + * Note that the change goes in the opposite direction than unit_get_private_var_tmp() + * above. For /var/tmp/, we need to disable the setting, because we don't want to create + * the /var/tmp/ directory if /var/ is a mount point. We don't have this problem with + * /tmp/ because there is no nesting. */ + + if (c->private_tmp != PRIVATE_TMP_CONNECTED || + u->default_dependencies || + exec_context_with_rootfs(c)) + return c->private_tmp; + + /* Even if DefaultDependencies=no, honour tmpfs setting when + * RequiresMountsFor=/WantsMountsFor=/tmp/ is explicitly set. */ + for (UnitMountDependencyType t = 0; t < _UNIT_MOUNT_DEPENDENCY_TYPE_MAX; t++) + if (hashmap_contains(u->mounts_for[t], "/tmp/")) + return c->private_tmp; + + /* Check the same but for After=. */ + Unit *m = manager_get_unit(u->manager, "tmp.mount"); + if (!m) + return c->private_tmp; + + if (unit_has_dependency(u, UNIT_ATOM_AFTER, m)) + return c->private_tmp; + + return PRIVATE_TMP_DISCONNECTED; +} + int unit_patch_contexts(Unit *u) { CGroupContext *cc; ExecContext *ec; @@ -4464,7 +4501,14 @@ int unit_patch_contexts(Unit *u) { ec->restrict_suid_sgid = true; } + /* Table of possible combinations: + * /var/tmp /tmp + * PrivateTmp=no no no + * PrivateTmp=connected connected connected,disconnected + * PrivateTmp=disconnected disconnected,no disconnected + */ ec->private_var_tmp = unit_get_private_var_tmp(u, ec); + ec->private_tmp = unit_get_private_tmp(u, ec); FOREACH_ARRAY(d, ec->directories, _EXEC_DIRECTORY_TYPE_MAX) exec_directory_sort(d); From 0a17bb5c343acd3d75df22499d0cf2fce458d140 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 18 Nov 2025 15:12:55 +0100 Subject: [PATCH 09/26] core: simplify requirements in unit_get_private_var_tmp() to just After= As in the previous commit, checking for both requirements and ordering seems unnecessary. In practical cases, the mount will be pulled in by the rest of the transaction, so ordering is the part that matters. (The setup is racy without the ordering.) If we drop the second check, the admin can just use After=tmp.mount to achieve the desired behaviour, without needing to explicitly pull in the unit. This is easier to configure and more robust. This changes the implementation introduced in 6156bec7a464815084fa5218fe782ea6cb20ad52. Also actually describe the implemented behaviour in the man page. --- man/systemd.exec.xml | 8 +++++++- src/core/unit.c | 12 ++---------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index 3f06f564b33c8..e7d5e63c963de 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -76,7 +76,13 @@ Units with PrivateTmp=disconnected automatically gain dependencies of type Wants= and After= on the mount required to access /var/, unless DefaultDependencies=no and/or - RootDirectory=/RootImage= are specified. + RootDirectory=/RootImage= are specified. If + DefaultDependencies=no is specified, and a + RequiresMountsFor=/var/, WantsMountsFor=/var/, + After=var.mount, RootDirectory=/RootImage= are + not specified, the private mount on /tmp/ is reused for + /var/tmp/ by setting $TMPDIR appropriately. + Units whose standard output or error output is connected to or (or their combinations with console output, see below) automatically acquire diff --git a/src/core/unit.c b/src/core/unit.c index dc158fb335b84..bb3430186cab0 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -4373,17 +4373,9 @@ static PrivateTmp unit_get_private_var_tmp(const Unit *u, const ExecContext *c) if (hashmap_contains(u->mounts_for[t], "/var/")) return PRIVATE_TMP_DISCONNECTED; - /* Check the same but for After= with Requires=/Requisite=/Wants= or friends. */ + /* Check the same but for After=. */ Unit *m = manager_get_unit(u->manager, "var.mount"); - if (!m) - return PRIVATE_TMP_NO; - - if (!unit_has_dependency(u, UNIT_ATOM_AFTER, m)) - return PRIVATE_TMP_NO; - - if (unit_has_dependency(u, UNIT_ATOM_PULL_IN_START, m) || - unit_has_dependency(u, UNIT_ATOM_PULL_IN_VERIFY, m) || - unit_has_dependency(u, UNIT_ATOM_PULL_IN_START_IGNORED, m)) + if (m && unit_has_dependency(u, UNIT_ATOM_AFTER, m)) return PRIVATE_TMP_DISCONNECTED; return PRIVATE_TMP_NO; From 2b67122cdf931bb91d7bf27f6f71e7173d1c5288 Mon Sep 17 00:00:00 2001 From: Mike Yuan Date: Tue, 24 Feb 2026 19:40:14 +0100 Subject: [PATCH 10/26] core/namespace: clean up append_private_tmp() a bit With the previous changes the modes for /tmp/ and /var/tmp/ may come in arbitrary directions, i.e. we may downgrade one and upgrade another. Hence let's refactor the setup logic a bit so they're truly independent. --- src/core/namespace.c | 82 +++++++++++++++++++++++++------------------- 1 file changed, 47 insertions(+), 35 deletions(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index 54504564aba99..9727d725eb7df 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -751,59 +751,71 @@ static int append_tmpfs_mounts(MountList *ml, const TemporaryFileSystem *tmpfs, return 0; } -static int append_private_tmp(MountList *ml, const NamespaceParameters *p) { - MountEntry *me; +static int append_private_tmp_one( + MountList *ml, + PrivateTmp mode, + const char *path, + const char *connected_source) { assert(ml); - assert(p); - assert(p->private_tmp >= 0 && p->private_tmp < _PRIVATE_TMP_MAX); - assert(p->private_var_tmp >= 0 && p->private_var_tmp < _PRIVATE_TMP_MAX); + assert(mode >= 0 && mode < _PRIVATE_TMP_MAX); + assert(path); - if (p->tmp_dir) { - assert(p->private_tmp == PRIVATE_TMP_CONNECTED); + if (mode == PRIVATE_TMP_NO) + return 0; - me = mount_list_extend(ml); - if (!me) - return log_oom_debug(); - *me = (MountEntry) { - .path_const = "/tmp/", - .mode = MOUNT_PRIVATE_TMP, - .read_only = streq(p->tmp_dir, RUN_SYSTEMD_EMPTY), - .source_const = p->tmp_dir, - }; - } + if (mode == PRIVATE_TMP_CONNECTED && !connected_source) + /* Do nothing if the private tmp dir was suppressed as it would be made inaccessible anyways + * (see exec_shared_runtime_make()). */ + return 0; - if (p->var_tmp_dir) { - assert(p->private_var_tmp == PRIVATE_TMP_CONNECTED); + MountEntry *me = mount_list_extend(ml); + if (!me) + return log_oom_debug(); - me = mount_list_extend(ml); - if (!me) - return log_oom_debug(); + if (mode == PRIVATE_TMP_CONNECTED) *me = (MountEntry) { - .path_const = "/var/tmp/", + .path_const = path, .mode = MOUNT_PRIVATE_TMP, - .read_only = streq(p->var_tmp_dir, RUN_SYSTEMD_EMPTY), - .source_const = p->var_tmp_dir, + .read_only = streq(connected_source, RUN_SYSTEMD_EMPTY), + .source_const = connected_source, }; - } - - if (p->private_tmp != PRIVATE_TMP_DISCONNECTED) - return 0; - - if (p->private_var_tmp == PRIVATE_TMP_NO) { - me = mount_list_extend(ml); - if (!me) - return log_oom_debug(); + else *me = (MountEntry) { - .path_const = "/tmp/", + .path_const = path, .mode = MOUNT_PRIVATE_TMPFS, .options_const = "mode=0700" NESTED_TMPFS_LIMITS, .flags = MS_NODEV|MS_STRICTATIME, }; + return 0; +} + +static int append_private_tmp(MountList *ml, const NamespaceParameters *p) { + int r; + + assert(ml); + assert(p); + assert(p->private_tmp >= 0 && p->private_tmp < _PRIVATE_TMP_MAX); + assert(p->private_var_tmp >= 0 && p->private_var_tmp < _PRIVATE_TMP_MAX); + + if (p->private_tmp != PRIVATE_TMP_DISCONNECTED || p->private_var_tmp != PRIVATE_TMP_DISCONNECTED) { + r = append_private_tmp_one(ml, p->private_tmp, "/tmp/", p->tmp_dir); + if (r < 0) + return r; + + r = append_private_tmp_one(ml, p->private_var_tmp, "/var/tmp/", p->var_tmp_dir); + if (r < 0) + return r; + return 0; } + /* Fully disconnected private tmp: we mount a single tmpfs instance with two subdirs which are + * bind mounted to /tmp/ and /var/tmp/. */ + + MountEntry *me; + _cleanup_free_ char *tmpfs_dir = NULL, *tmp_dir = NULL, *var_tmp_dir = NULL; tmpfs_dir = path_join(p->private_namespace_dir, "unit-private-tmp"); tmp_dir = path_join(tmpfs_dir, "tmp"); From dc3d1c9bce80779fb4844df1df5d86f674223d75 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 25 Feb 2026 13:50:25 +0000 Subject: [PATCH 11/26] mkosi: update fedora commit reference to 23a1c1fed99e152d9c498204175a7643371a822c * 23a1c1fed9 Install /usr/lib/systemd/boot/hwids/ in ukify package * 985170fdc6 Version 259.1 * 2e10d7da1e Revert getty changes a bit harder * 96c683c3de Revert all remaing changes to getty@.service * 24a305a398 Revert to previous handling of getty@.service * 6a500eb814 Create getty@tty1.service again and move autovt@.service alias to /usr/lib * 88bd4ab206 Properly enable systemd-tmpfiles-clear.service in scriptlets * d9f3f02206 Raise the number of placeholder sections in kernel and addon stubs * e301db0151 Stop enabling getty@tty1.service * a1c33507a2 Fix unit names in systemd-udev scriptlet * b7b3e024d6 Enable getty@.service through presets * ec5e1b1ed7 Move tpm2 and getty support to -udev subpackage * 9c9976a7f8 Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * f353d244fd Add 2 patches for automatic aarch64 DTB selection change * 399885597c Revert "Disable sysinit-path for upstream builds" --- .packit.yml | 2 +- mkosi/mkosi.pkgenv/mkosi.conf.d/centos-fedora.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.packit.yml b/.packit.yml index 1de7bbccf3b91..499b28f7c47fd 100644 --- a/.packit.yml +++ b/.packit.yml @@ -39,7 +39,7 @@ jobs: trigger: pull_request fmf_url: https://src.fedoraproject.org/rpms/systemd # This is automatically updated by tools/fetch-distro.py --update fedora - fmf_ref: 67538c79f250eecbd904aa87e72a44cb3b5ef6f4 + fmf_ref: 23a1c1fed99e152d9c498204175a7643371a822c targets: - fedora-rawhide-x86_64 # testing-farm in the Fedora repository is explicitly configured to use testing-farm bare metal runners as diff --git a/mkosi/mkosi.pkgenv/mkosi.conf.d/centos-fedora.conf b/mkosi/mkosi.pkgenv/mkosi.conf.d/centos-fedora.conf index 4e9a04d43e774..5bd63a6ce1f75 100644 --- a/mkosi/mkosi.pkgenv/mkosi.conf.d/centos-fedora.conf +++ b/mkosi/mkosi.pkgenv/mkosi.conf.d/centos-fedora.conf @@ -9,5 +9,5 @@ Profiles=!hyperscale Environment= GIT_URL=https://src.fedoraproject.org/rpms/systemd.git GIT_BRANCH=rawhide - GIT_COMMIT=67538c79f250eecbd904aa87e72a44cb3b5ef6f4 + GIT_COMMIT=23a1c1fed99e152d9c498204175a7643371a822c PKG_SUBDIR=fedora From 6d20cac84c1a175e5bee9a68bd63265db57430a8 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 24 Feb 2026 18:17:45 +0000 Subject: [PATCH 12/26] test: move test hwids to separate subdirectory Will allow installing the actual hwids as a single subdir --- src/boot/hwids/{ => test}/device1.json | 0 src/boot/hwids/{ => test}/device2.json | 0 src/boot/hwids/{ => test}/device3.json | 0 src/boot/hwids/{ => test}/device4.json | 0 src/boot/meson.build | 4 ++-- 5 files changed, 2 insertions(+), 2 deletions(-) rename src/boot/hwids/{ => test}/device1.json (100%) rename src/boot/hwids/{ => test}/device2.json (100%) rename src/boot/hwids/{ => test}/device3.json (100%) rename src/boot/hwids/{ => test}/device4.json (100%) diff --git a/src/boot/hwids/device1.json b/src/boot/hwids/test/device1.json similarity index 100% rename from src/boot/hwids/device1.json rename to src/boot/hwids/test/device1.json diff --git a/src/boot/hwids/device2.json b/src/boot/hwids/test/device2.json similarity index 100% rename from src/boot/hwids/device2.json rename to src/boot/hwids/test/device2.json diff --git a/src/boot/hwids/device3.json b/src/boot/hwids/test/device3.json similarity index 100% rename from src/boot/hwids/device3.json rename to src/boot/hwids/test/device3.json diff --git a/src/boot/hwids/device4.json b/src/boot/hwids/test/device4.json similarity index 100% rename from src/boot/hwids/device4.json rename to src/boot/hwids/test/device4.json diff --git a/src/boot/meson.build b/src/boot/meson.build index 3d1f66a6582d9..ac84fbb89f09d 100644 --- a/src/boot/meson.build +++ b/src/boot/meson.build @@ -29,10 +29,10 @@ efi_fuzz_template = fuzz_template + efitest_base if conf.get('ENABLE_UKIFY') == 1 test_hwids_section_c = custom_target( - input : ['hwids/device1.json', 'hwids/device2.json', 'hwids/device3.json', 'hwids/device4.json'], + input : ['hwids/test/device1.json', 'hwids/test/device2.json', 'hwids/test/device3.json', 'hwids/test/device4.json'], output : 'test-hwids-section.c', command : [files('generate-hwids-section.py'), - meson.current_source_dir()/'hwids'], + meson.current_source_dir()/'hwids/test'], capture : true, build_by_default : want_tests != 'false') else From d6332fa36763dc2f059b09d4e49747f518794fc5 Mon Sep 17 00:00:00 2001 From: Tobias Heider Date: Mon, 2 Feb 2026 12:08:46 +0100 Subject: [PATCH 13/26] boot: import Snapdragon device hwid json files Add hwids json files for Snapdragon devices that use of this feature since they don't ship with devie trees embedded in firmware. The json files were originally generated for Ubuntu stubble and are kown to work since they ship in all Ubuntu arm64 ISOs by default. Some of the devices might not be supported in mainline Linux yet and use preliminary compatible strings. --- .../aa64/msm8998-lenovo-miix-630-81f1.json | 17 ++++++++++ src/boot/hwids/aa64/sc7180-acer-aspire1.json | 18 ++++++++++ .../aa64/sc8180x-lenovo-flex-5g-81xe.json | 18 ++++++++++ .../aa64/sc8180x-lenovo-flex-5g-82ak.json | 18 ++++++++++ .../hwids/aa64/sc8280xp-huawei-gaokun3.json | 20 +++++++++++ .../sc8280xp-lenovo-thinkpad-x13s-21bx.json | 18 ++++++++++ .../sc8280xp-lenovo-thinkpad-x13s-21by.json | 18 ++++++++++ .../sc8280xp-lenovo-thinkpad-x13s-4810.json | 20 +++++++++++ .../aa64/sc8280xp-microsoft-blackrock.json | 18 ++++++++++ .../sc8280xp-microsoft-surface-pro-9-5G.json | 18 ++++++++++ .../hwids/aa64/sdm850-lenovo-yoga-c630.json | 18 ++++++++++ src/boot/hwids/aa64/x1e001de-devkit.json | 13 ++++++++ .../hwids/aa64/x1e78100-acer-sfa14-11.json | 20 +++++++++++ .../x1e78100-lenovo-thinkpad-t14s-lcd.json | 16 +++++++++ .../x1e78100-lenovo-thinkpad-t14s-oled.json | 13 ++++++++ .../aa64/x1e78100-lenovo-thinkpad-t14s.json | 33 +++++++++++++++++++ .../x1e78100-medion-sprchrgd-14s1-elite.json | 20 +++++++++++ .../aa64/x1e80100-asus-vivobook-s15.json | 20 +++++++++++ .../aa64/x1e80100-asus-zenbook-a14-oled.json | 9 +++++ .../hwids/aa64/x1e80100-asus-zenbook-a14.json | 20 +++++++++++ src/boot/hwids/aa64/x1e80100-crd.json | 16 +++++++++ .../x1e80100-dell-inspiron-14-plus-7441.json | 20 +++++++++++ .../aa64/x1e80100-dell-latitude-7455.json | 17 ++++++++++ .../hwids/aa64/x1e80100-dell-xps13-9345.json | 18 ++++++++++ .../aa64/x1e80100-hp-elitebook-ultra-g1q.json | 20 +++++++++++ .../hwids/aa64/x1e80100-hp-omnibook-x14.json | 17 ++++++++++ .../aa64/x1e80100-lenovo-yoga-slim7x.json | 18 ++++++++++ .../hwids/aa64/x1e80100-microsoft-denali.json | 27 +++++++++++++++ .../aa64/x1e80100-microsoft-romulus13.json | 20 +++++++++++ .../aa64/x1e80100-microsoft-romulus15.json | 20 +++++++++++ .../aa64/x1p42100-acer-swift-go14-01.json | 20 +++++++++++ .../aa64/x1p42100-asus-vivobook-s15.json | 20 +++++++++++ .../hwids/aa64/x1p42100-asus-zenbook-a14.json | 20 +++++++++++ .../hwids/aa64/x1p42100-hp-omnibook-x14.json | 17 ++++++++++ .../aa64/x1p42100-lenovo-ideapad-5-2in1.json | 25 ++++++++++++++ .../x1p42100-lenovo-ideapad-slim-5-oled.json | 20 +++++++++++ .../aa64/x1p42100-lenovo-thinkbook-16.json | 20 +++++++++++ .../x1p42100-microsoft-surface-pro-12in.json | 20 +++++++++++ .../aa64/x1p64100-acer-swift-sf14-11.json | 20 +++++++++++ 39 files changed, 740 insertions(+) create mode 100644 src/boot/hwids/aa64/msm8998-lenovo-miix-630-81f1.json create mode 100644 src/boot/hwids/aa64/sc7180-acer-aspire1.json create mode 100644 src/boot/hwids/aa64/sc8180x-lenovo-flex-5g-81xe.json create mode 100644 src/boot/hwids/aa64/sc8180x-lenovo-flex-5g-82ak.json create mode 100644 src/boot/hwids/aa64/sc8280xp-huawei-gaokun3.json create mode 100644 src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-21bx.json create mode 100644 src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-21by.json create mode 100644 src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-4810.json create mode 100644 src/boot/hwids/aa64/sc8280xp-microsoft-blackrock.json create mode 100644 src/boot/hwids/aa64/sc8280xp-microsoft-surface-pro-9-5G.json create mode 100644 src/boot/hwids/aa64/sdm850-lenovo-yoga-c630.json create mode 100644 src/boot/hwids/aa64/x1e001de-devkit.json create mode 100644 src/boot/hwids/aa64/x1e78100-acer-sfa14-11.json create mode 100644 src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s-lcd.json create mode 100644 src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s-oled.json create mode 100644 src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s.json create mode 100644 src/boot/hwids/aa64/x1e78100-medion-sprchrgd-14s1-elite.json create mode 100644 src/boot/hwids/aa64/x1e80100-asus-vivobook-s15.json create mode 100644 src/boot/hwids/aa64/x1e80100-asus-zenbook-a14-oled.json create mode 100644 src/boot/hwids/aa64/x1e80100-asus-zenbook-a14.json create mode 100644 src/boot/hwids/aa64/x1e80100-crd.json create mode 100644 src/boot/hwids/aa64/x1e80100-dell-inspiron-14-plus-7441.json create mode 100644 src/boot/hwids/aa64/x1e80100-dell-latitude-7455.json create mode 100644 src/boot/hwids/aa64/x1e80100-dell-xps13-9345.json create mode 100644 src/boot/hwids/aa64/x1e80100-hp-elitebook-ultra-g1q.json create mode 100644 src/boot/hwids/aa64/x1e80100-hp-omnibook-x14.json create mode 100644 src/boot/hwids/aa64/x1e80100-lenovo-yoga-slim7x.json create mode 100644 src/boot/hwids/aa64/x1e80100-microsoft-denali.json create mode 100644 src/boot/hwids/aa64/x1e80100-microsoft-romulus13.json create mode 100644 src/boot/hwids/aa64/x1e80100-microsoft-romulus15.json create mode 100644 src/boot/hwids/aa64/x1p42100-acer-swift-go14-01.json create mode 100644 src/boot/hwids/aa64/x1p42100-asus-vivobook-s15.json create mode 100644 src/boot/hwids/aa64/x1p42100-asus-zenbook-a14.json create mode 100644 src/boot/hwids/aa64/x1p42100-hp-omnibook-x14.json create mode 100644 src/boot/hwids/aa64/x1p42100-lenovo-ideapad-5-2in1.json create mode 100644 src/boot/hwids/aa64/x1p42100-lenovo-ideapad-slim-5-oled.json create mode 100644 src/boot/hwids/aa64/x1p42100-lenovo-thinkbook-16.json create mode 100644 src/boot/hwids/aa64/x1p42100-microsoft-surface-pro-12in.json create mode 100644 src/boot/hwids/aa64/x1p64100-acer-swift-sf14-11.json diff --git a/src/boot/hwids/aa64/msm8998-lenovo-miix-630-81f1.json b/src/boot/hwids/aa64/msm8998-lenovo-miix-630-81f1.json new file mode 100644 index 0000000000000..42eb73966038f --- /dev/null +++ b/src/boot/hwids/aa64/msm8998-lenovo-miix-630-81f1.json @@ -0,0 +1,17 @@ +{ + "type": "devicetree", + "name": "LENOVO Miix 630", + "compatible": "lenovo,miix-630", + "hwids": [ + "16a55446-eba9-5f97-80e3-5e39d8209bc3", + "c4c9a6be-5383-5de7-af35-c2de505edec8", + "14f581d2-d059-5cb2-9f8b-56d8be7932c9", + "a51054fb-5eef-594a-a5a0-cd87632d0aea", + "307ab358-ed84-57fe-bf05-e9195a28198d", + "7e613574-5445-5797-9567-2d0ed86e6ffa", + "b0f4463c-f851-5ec3-b031-2ccb873a609a", + "08b75d1f-6643-52a1-9bdd-071052860b33", + "34df58d6-b605-50aa-9313-9b34f5c4b6fc", + "e0a96696-f0a6-5466-a6db-207fbe8bae3c" + ] +} diff --git a/src/boot/hwids/aa64/sc7180-acer-aspire1.json b/src/boot/hwids/aa64/sc7180-acer-aspire1.json new file mode 100644 index 0000000000000..945ce26435c1c --- /dev/null +++ b/src/boot/hwids/aa64/sc7180-acer-aspire1.json @@ -0,0 +1,18 @@ +{ + "type": "devicetree", + "name": "Acer Aspire 1", + "compatible": "acer,aspire1", + "hwids": [ + "45d37dbe-40fb-57bd-a257-55f422d4dc0a", + "373bfde5-ffaa-504c-84f3-f8f5357dfc29", + "e12521bf-0ed8-5406-af87-adad812c57c5", + "faa12ed4-bd49-5471-8f74-75c2267c3b46", + "965e3681-de3b-5e39-bb62-7d4917d7e36f", + "82fe1869-361c-56b2-b853-631747e64aa7", + "7e15f49e-04b4-5d56-a567-e7a15ba2aca1", + "7c107a7f-2d77-51aa-aef8-8d777e26ffbc", + "68b38fff-aadc-512c-937b-99d9c13eb484", + "260192d4-06d4-5124-ab46-ba210f4c14d7", + "175f000b-3d05-5c01-aedd-817b1a141f93" + ] +} diff --git a/src/boot/hwids/aa64/sc8180x-lenovo-flex-5g-81xe.json b/src/boot/hwids/aa64/sc8180x-lenovo-flex-5g-81xe.json new file mode 100644 index 0000000000000..deb83db397107 --- /dev/null +++ b/src/boot/hwids/aa64/sc8180x-lenovo-flex-5g-81xe.json @@ -0,0 +1,18 @@ +{ + "type": "devicetree", + "name": "LENOVO Yoga 5G 14Q8CX05", + "compatible": "lenovo,flex-5g", + "hwids": [ + "ea646c11-3da1-5c8d-9346-8ff156746650", + "5100eeed-c5e2-5b74-9c24-a22ca0644826", + "ddb3bcda-db7b-579d-9dd9-bcc4f5b052b8", + "fb364c09-efc0-5d16-ac97-0a3e6235b16c", + "7e7007ac-603c-55ef-bb77-3548784b9578", + "566b9ae8-a7fd-5c44-94d6-bac3e4cf38a7", + "6f3bdfb7-f832-5c5f-9777-9e3db35e22a6", + "c4ea686c-c56c-5e8e-a91e-89056683d417", + "a1a13249-2689-5c6d-a43f-98af040284c4", + "01439aea-e75c-5fbb-8842-18dcd1a7b8b3", + "65ab9f32-bbc8-52d3-87f9-b618fda7c07e" + ] +} diff --git a/src/boot/hwids/aa64/sc8180x-lenovo-flex-5g-82ak.json b/src/boot/hwids/aa64/sc8180x-lenovo-flex-5g-82ak.json new file mode 100644 index 0000000000000..a301a728e4abf --- /dev/null +++ b/src/boot/hwids/aa64/sc8180x-lenovo-flex-5g-82ak.json @@ -0,0 +1,18 @@ +{ + "type": "devicetree", + "name": "LENOVO Flex 5G 14Q8CX05", + "compatible": "lenovo,flex-5g", + "hwids": [ + "ad47f2e9-2f8c-5cd1-a44e-82f35a43e44e", + "997c1c76-5595-5300-9f58-94d2c6ffc586", + "b9bf941f-3a32-57da-b609-5fff7fb382cd", + "ea658d2b-f644-555d-9b72-e1642401a795", + "fb5c3077-39d5-5a44-97ce-2d3be5f6bfec", + "16551bd5-37b0-571d-a94c-da61a9cfccf5", + "df3ecc56-b61b-5f8e-896f-801a42b536d6", + "06675172-9a6e-5276-a505-d205688a87f0", + "23dcfb84-d132-5f60-878e-64fe0b9417d6", + "12c0e5b0-8886-5444-b42b-93692fa736df", + "39fca706-c9a2-54d4-8c7c-d5e292d0a725" + ] +} diff --git a/src/boot/hwids/aa64/sc8280xp-huawei-gaokun3.json b/src/boot/hwids/aa64/sc8280xp-huawei-gaokun3.json new file mode 100644 index 0000000000000..d01f9253a4cb3 --- /dev/null +++ b/src/boot/hwids/aa64/sc8280xp-huawei-gaokun3.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "HUAWEI MateBook E", + "compatible": "huawei,gaokun3", + "hwids": [ + "80c86c24-c7a7-5714-abf2-4c48f348cecc", + "1c2effc1-1038-584d-ae8b-7c912c8e9504", + "6eb75906-3a4e-5de4-94c5-374d8f9723e5", + "4f04f31f-17f0-583f-802f-82c3a0b34128", + "e1b94e53-0f20-5d01-abfc-cfb348544a31", + "b866fc5c-261b-56d8-99e8-03ea0646af8f", + "d8846172-f0a0-55ba-bf41-55641f588ea7", + "7ea8b73b-2cbb-562b-aecc-7f0f64c42630", + "3eb6683b-0153-5365-81c6-cc599783e9c7", + "e5a0ed2b-7fed-5e2d-94ed-43dbaf0b9ccc", + "0c78ef16-4fe0-5e33-908e-b038949ee608", + "e98c95a8-b50e-5d8b-b2db-c679a39163df", + "13311789-793f-5d95-942c-3b6414a8ad1a" + ] +} diff --git a/src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-21bx.json b/src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-21bx.json new file mode 100644 index 0000000000000..b3b3f701aa95e --- /dev/null +++ b/src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-21bx.json @@ -0,0 +1,18 @@ +{ + "type": "devicetree", + "name": "LENOVO ThinkPad X13s Gen 1", + "compatible": "lenovo,thinkpad-x13s", + "hwids": [ + "810e34c6-cc69-5e36-8675-2f6e354272d3", + "f22c935e-2dc8-5949-9486-09bbf10361b2", + "abdbb2cb-ab52-5674-9d0a-2e2cb69bcbb4", + "ddf28a3f-43fc-54a4-a6a7-4cba5ad46b3e", + "4df470e6-7878-5b0f-b2e0-733d5d9fa228", + "3ad863ab-0181-5a2f-9cc1-70eedc446da9", + "69c47e1e-fde2-5062-b777-acbeab73784b", + "3486eccc-d0ac-534a-9e2f-a1c18bc310c6", + "c869f39e-f205-5ca0-be7b-d90f90ef5556", + "b470d002-ad8e-5d5c-a7bf-bb1333f2ce4b", + "64b71f12-4341-5e5c-b7cd-25b6503799e3" + ] +} diff --git a/src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-21by.json b/src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-21by.json new file mode 100644 index 0000000000000..1683ece5ed967 --- /dev/null +++ b/src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-21by.json @@ -0,0 +1,18 @@ +{ + "type": "devicetree", + "name": "LENOVO ThinkPad X13s Gen 1", + "compatible": "lenovo,thinkpad-x13s", + "hwids": [ + "b265d777-007e-56e5-b0e2-bd666ab867be", + "3f9d2d91-73b2-5316-8c72-a0ecb3f0dae5", + "4b189129-8eb2-585c-a1bb-a4cfc979433a", + "fbf92a11-bb6f-5adb-b5a7-8abf9acbd7d9", + "0909a1c3-3a02-59a0-b1ea-04f1449c104f", + "69acf6bf-ed33-5806-857f-c76971d7061e", + "ddfbdaa2-7c46-5103-be64-84a9f88c485f", + "b41f58ed-7631-561f-9b0c-449a9c293afa", + "9f47e28f-e1ee-5cb5-b4ce-8f0605752b3d", + "873455fb-b2c5-5c0c-9c2c-90e80d44da57", + "a1dfe209-99e5-5ff2-9922-aa4c11491b49" + ] +} diff --git a/src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-4810.json b/src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-4810.json new file mode 100644 index 0000000000000..b2fe208634315 --- /dev/null +++ b/src/boot/hwids/aa64/sc8280xp-lenovo-thinkpad-x13s-4810.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "LENOVO ThinkPad X13s Gen 1", + "compatible": "lenovo,thinkpad-x13s", + "hwids": [ + "e4e1e851-389a-5be8-bc77-d32bc3e96ba2", + "a84d13c1-3864-5d56-8c7c-15ad37074a3f", + "6026ec60-e5e0-56bf-9d71-f3465d7314c8", + "dc4ecdd0-c09b-5e84-ac5f-ccf0182e1ec6", + "04392ed0-22bc-56a4-ae4e-dcb325cb6899", + "6d8e538a-e089-5901-97ed-5ef670416fca", + "93a4dd46-2007-56bf-b176-390519d6f5bd", + "4a971ccf-1223-5f4d-b939-dcb8efc0b350", + "56eafd87-9fbc-5388-a5fd-ec9a9178fb1c", + "5188008f-3241-5f05-8d21-774b5c7a2887", + "1305c7fb-2943-53e5-aba5-5a948d96ed94", + "db1387e0-f13d-5000-889d-ff7cca53846a", + "30c7a7fe-f4bf-5ce1-aad8-f5e6db904c53" + ] +} diff --git a/src/boot/hwids/aa64/sc8280xp-microsoft-blackrock.json b/src/boot/hwids/aa64/sc8280xp-microsoft-blackrock.json new file mode 100644 index 0000000000000..d31ca3bfe2f6a --- /dev/null +++ b/src/boot/hwids/aa64/sc8280xp-microsoft-blackrock.json @@ -0,0 +1,18 @@ +{ + "type": "devicetree", + "name": "Microsoft Corporation Surface", + "compatible": "microsoft,blackrock", + "hwids": [ + "69ba0503-ca94-5fa3-b78c-5fa21a66c620", + "ad2ee931-a048-5253-b350-98c482670765", + "5bd24fc5-5edb-51f6-82e6-31a9ef954c5b", + "d67e799e-2ba7-555a-a874-a0523a8b3b11", + "813677fa-6d11-5756-a44d-dde0f552d3f6", + "ce83144b-b123-59e5-8a9a-0c1a13643fc4", + "53b87f48-fc47-54e9-ade5-f1a95e885681", + "046fefee-341b-5c40-b0a3-1c647d31b500", + "f59639f4-4970-5706-9a75-519dd059f69e", + "08f06457-aa19-51c5-be4c-0087ce4fa2ed", + "11b80238-dbee-57bc-8b26-83c9e5b4057d" + ] +} diff --git a/src/boot/hwids/aa64/sc8280xp-microsoft-surface-pro-9-5G.json b/src/boot/hwids/aa64/sc8280xp-microsoft-surface-pro-9-5G.json new file mode 100644 index 0000000000000..29ece338b77c5 --- /dev/null +++ b/src/boot/hwids/aa64/sc8280xp-microsoft-surface-pro-9-5G.json @@ -0,0 +1,18 @@ +{ + "type": "devicetree", + "name": "Microsoft Corporation Surface", + "compatible": "microsoft,arcata", + "hwids": [ + "e3d941fa-2bfa-5875-8efd-87ce997f8338", + "a659ee2b-502d-50f7-9921-bdbd34734e0b", + "5caa88bc-ea9b-5d73-a69a-89024bfff854", + "c0cf7078-c325-5cf6-966b-3bbbc155275b", + "6309fbb9-68f4-54f9-bbc9-b3ca9685b48c", + "9d70dcfd-f56b-58bf-b1bd-a1b8f2b0ec7e", + "9bac72c6-83f6-5e21-af8e-bc1f5c2b7cc8", + "94fb24a7-ff7a-5d70-9ac8-518a9e44ea64", + "009d2337-4f76-514e-b2c1-b2816447b048", + "3a486e6f-3b0a-5603-a483-503381d3d8c3", + "636b6071-7848-50d5-b0b5-6290c49e9306" + ] +} diff --git a/src/boot/hwids/aa64/sdm850-lenovo-yoga-c630.json b/src/boot/hwids/aa64/sdm850-lenovo-yoga-c630.json new file mode 100644 index 0000000000000..771ebea6e115a --- /dev/null +++ b/src/boot/hwids/aa64/sdm850-lenovo-yoga-c630.json @@ -0,0 +1,18 @@ +{ + "type": "devicetree", + "name": "LENOVO YOGA C630-13Q50", + "compatible": "lenovo,yoga-c630", + "hwids": [ + "b8c71349-3669-56f3-99ee-ae473a2edd96", + "d17c132e-f06e-5e38-8084-9cd642dd9b34", + "8f56cf17-7bdd-5414-832d-97cd26837114", + "b323d38a-88c6-5cf6-af0d-0db3f3c2560d", + "43b71948-9c47-5372-a5cb-18db47bb873f", + "67a23be6-42a6-5900-8325-847a318ce252", + "94f73d29-3981-59a8-8f25-214f84d1522a", + "5ca3cf2b-d6e9-5b54-93f7-1cebd7b3704f", + "81f308c0-db65-50c2-a660-52e06fc0ff9f", + "30b031c0-9de7-5d31-a61c-dee772871b7d", + "382926c0-ce35-53af-8ff9-ca9cc06cfc7b" + ] +} diff --git a/src/boot/hwids/aa64/x1e001de-devkit.json b/src/boot/hwids/aa64/x1e001de-devkit.json new file mode 100644 index 0000000000000..6c2e1855cc8ee --- /dev/null +++ b/src/boot/hwids/aa64/x1e001de-devkit.json @@ -0,0 +1,13 @@ +{ + "type": "devicetree", + "name": "Qualcomm SCP_HAMOA", + "compatible": "qcom,x1e001de-devkit", + "hwids": [ + "baa7a649-12d8-56c7-93c5-a4e10f4852be", + "c8e75ab8-555c-5952-a3e3-5b607bea031d", + "4bb05d50-6c4f-525d-a9ec-8924afd6edea", + "830bd4a2-2498-55cf-b561-48f7dc5f4820", + "f37dc44b-0be4-5a70-86bd-81f3dacff2e9", + "9cba20d0-17ad-559f-94cd-cfcbbf5f71f5" + ] +} diff --git a/src/boot/hwids/aa64/x1e78100-acer-sfa14-11.json b/src/boot/hwids/aa64/x1e78100-acer-sfa14-11.json new file mode 100644 index 0000000000000..b6005b3e92a94 --- /dev/null +++ b/src/boot/hwids/aa64/x1e78100-acer-sfa14-11.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "Acer Swift 14 Go Pro AI", + "compatible": "acer,swift-sfa14-11", + "hwids": [ + "730dea6f-efd9-5686-a975-656c9b8423f1", + "97f3186d-0ad3-5f8a-98bb-72674271590d", + "39379ca2-ff12-5f56-b54f-05064dc42166", + "c6d7090e-7535-5a11-aa9e-c61e2bf3e21c", + "b4835065-fd33-5d49-99d2-4e8a16147c23", + "74439855-9bdf-5cf1-9bf8-4057ee0fb250", + "7e4796fa-aa40-55f4-ac92-7350759fe5b7", + "eb342e11-e7f8-5b4b-b193-d379f676ec8b", + "3e7aed1f-e80e-59b9-a0e7-0011d93d05ba", + "488a4452-62a8-5362-87ba-8265d0d0ef61", + "3e7aed1f-e80e-59b9-a0e7-0011d93d05ba", + "dace3a5d-f5c6-5b0b-b15c-ff1ebfc2f5c2", + "c97fd9d6-efec-54e0-a6e2-3ba4cadd9655" + ] +} diff --git a/src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s-lcd.json b/src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s-lcd.json new file mode 100644 index 0000000000000..f95c6ea05918f --- /dev/null +++ b/src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s-lcd.json @@ -0,0 +1,16 @@ +{ + "type": "devicetree", + "name": "LENOVO ThinkPad T14s Gen 6 (LCD)", + "compatible": "lenovo,thinkpad-t14s-lcd", + "hwids": [ + "83579fdf-8faf-57b4-b265-d2e817c7cf3f", + "b0e14398-0a96-5736-840b-7349e5c0b85c", + "53b6927f-d6ca-5674-a0e8-a50a989d4ba0", + "a8852b56-45ea-5377-ba2d-1910a5c897bb", + "1538c7fb-26b6-5144-b16f-2500b5a0a503", + "1480f3ca-b01a-5d7c-bbc9-7a17d7b4b58d", + "48a732b5-3989-5ac3-b661-516a46f00792", + "2b1b6e68-cee9-549b-b8ae-10c274b8c3a6", + "a07b8e34-d6b6-58b2-9963-38216ec67159" + ] +} diff --git a/src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s-oled.json b/src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s-oled.json new file mode 100644 index 0000000000000..f74ef47421e7c --- /dev/null +++ b/src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s-oled.json @@ -0,0 +1,13 @@ +{ + "type": "devicetree", + "name": "LENOVO ThinkPad T14s Gen 6 (OLED)", + "compatible": "lenovo,thinkpad-t14s-oled", + "hwids": [ + "27378ce5-d999-5c3b-acde-0404805afd3b", + "7c09107d-0ac3-5582-837f-c614d518cf62", + "77ffaabe-038a-550f-b6ea-485dc49d4b45", + "e78c4e7a-68c3-5b29-b2a0-dbd2785e28cd", + "c012b92d-a6a6-57fa-ba06-4f3062d891d4", + "08ba7f5b-8136-5938-835a-fd99143d34a5" + ] +} diff --git a/src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s.json b/src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s.json new file mode 100644 index 0000000000000..c90b2f1aac522 --- /dev/null +++ b/src/boot/hwids/aa64/x1e78100-lenovo-thinkpad-t14s.json @@ -0,0 +1,33 @@ +{ + "type": "devicetree", + "name": "LENOVO ThinkPad T14s Gen 6", + "compatible": "lenovo,thinkpad-t14s-lcd", + "hwids": [ + "c81fee2f-cf41-5d5a-8c7b-afd6585b1d81", + "a9b59fea-e841-508a-a245-3a2d8d2802de", + "74593764-b6b9-58e9-bedc-93ebbb1eb057", + "e5d83424-0ecb-5632-b7b1-500f04e82725", + "76032e78-67a8-5dab-8512-157bfcfb8f75", + "dd83478e-e01b-5631-ae74-92ae275a9b4e", + "791ecd9d-1547-58e6-b72a-5ce417b729dd", + "8c602147-5363-5374-859e-8b7fe2d4d3ce", + "498d60ae-9b1d-5b67-8abd-af571babfa94", + "acbac5af-aa6a-5690-88f3-e910f04a7ead", + "5180bc01-5d18-5870-b955-969da38b2647", + "19b622ef-27fe-5c2e-bc53-13a79b862c65", + "ac09e50f-9b3b-53c0-9752-377c3a0baaa0", + "1d9f3ebb-96de-5dd6-8c88-38308b0c1c44", + "578dd7d5-5871-5bd5-92a9-be07f1067b92", + "ed647f93-3075-598b-9d89-d0f30ec11707", + "f6cd4a9f-9632-516e-b748-65952f7380c5", + "a5a4e3c1-5922-5ed6-b78e-9f0ea873a988", + "a20ae3ec-49a1-5cb5-acb8-5d31c77b105a", + "8cfd85bb-0d77-59df-8546-264239be475e", + "513976f8-3f51-5b42-9ae0-931ce23c5f38", + "86a0d770-3ca1-57fa-ac05-413481c00a24", + "5c20e964-d530-5dd7-9efd-4aed9e73c3cb", + "d93b21c0-5ed9-5955-911a-5b15f114d786", + "82fa4a02-8c3c-55f9-b0c9-e8feb669fd3a", + "34e7fadd-9c7d-5f91-ba7f-cedb04d59b9a" + ] +} diff --git a/src/boot/hwids/aa64/x1e78100-medion-sprchrgd-14s1-elite.json b/src/boot/hwids/aa64/x1e78100-medion-sprchrgd-14s1-elite.json new file mode 100644 index 0000000000000..7fe1ea6e38ce4 --- /dev/null +++ b/src/boot/hwids/aa64/x1e78100-medion-sprchrgd-14s1-elite.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "MEDION SPRCHRGD", + "compatible": "medion,sprchrgd14s1", + "hwids": [ + "e72ceeaf-45c6-50f5-9a8d-f3af93228f05", + "0f49db05-25d9-5f1a-a633-40b358f6f6d2", + "f6304115-77d2-52ef-b050-77b79c416b76", + "7cbb6d59-d341-5ef2-ba12-dd3bc4a41df6", + "2fee1e80-b28f-51f2-8421-f0c39aa97516", + "2904a882-918e-5f0b-9ac6-6a9737e685c9", + "ba6260c3-a098-59ba-b999-2783726d1e44", + "3713fa68-5f78-5538-b954-5e82e6c25646", + "f3ceb2c3-66db-5519-98bc-d62cba323666", + "9eb99973-f4f7-53b2-8682-faafa5f8ad1f", + "ec048a86-f99a-5f29-a128-04d9254808ba", + "6b54ec94-c2bb-5008-abe3-975b26e8a371", + "776dd828-0ea0-52b3-93d9-b4f97ac0e7e1" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-asus-vivobook-s15.json b/src/boot/hwids/aa64/x1e80100-asus-vivobook-s15.json new file mode 100644 index 0000000000000..4b018fe9662d8 --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-asus-vivobook-s15.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "ASUSTeK COMPUTER INC. ASUS Vivobook S 15", + "compatible": "asus,vivobook-s15", + "hwids": [ + "6d634332-21fc-57c8-bc6b-e0f800f69f95", + "d0fce8d6-a709-5bf0-8be0-6ac6ab44b8e0", + "80430e03-90f0-5355-84b2-28fb17367203", + "fa342b0a-9e22-541f-8e95-93106778f97d", + "137a5f94-8fcf-5581-8ac6-70d50fdba4a6", + "3a3ef092-d5f1-5d4d-acea-70b38ef56e53", + "a6debedb-f954-5aa1-8260-4dc3b567c95f", + "f3a6ca3e-4791-5bb0-915e-0b31856ec19c", + "4262e277-58d3-5ac4-9858-c0751ad06f5c", + "f54cd4e6-3666-5b56-abd3-a5f2df50c534", + "807fe49f-cfd2-537d-b635-47bec9e36baf", + "c71e903b-4255-56cb-b961-a8f87b452cbe", + "1b6a0689-3f70-57e0-8bf3-39a8a74213e8" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-asus-zenbook-a14-oled.json b/src/boot/hwids/aa64/x1e80100-asus-zenbook-a14-oled.json new file mode 100644 index 0000000000000..5fd6fb80fb9ff --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-asus-zenbook-a14-oled.json @@ -0,0 +1,9 @@ +{ + "type": "devicetree", + "name": "ASUSTeK COMPUTER INC. ASUS Zenbook A14", + "compatible": "asus,zenbook-a14-ux3407qa-oled", + "hwids": [ + "f84ba711-7075-5c1b-a03c-57d2521a1ac2", + "91971b38-ae5d-5e14-9f44-7c0316710593" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-asus-zenbook-a14.json b/src/boot/hwids/aa64/x1e80100-asus-zenbook-a14.json new file mode 100644 index 0000000000000..c3b0e05bcdd68 --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-asus-zenbook-a14.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "ASUSTeK COMPUTER INC. ASUS Zenbook A14", + "compatible": "asus,zenbook-a14-ux3407ra", + "hwids": [ + "c41d2cda-fda7-522c-b1a7-4a835c15c43d", + "0bfddfaf-e393-5dfe-a805-39b8b1098c81", + "f0bb1cd4-995a-5c90-946b-9bb958f35f42", + "2d610a5e-ef69-5e60-b15e-7786d0ebd79e", + "6f892377-a51e-5f99-a363-b79f28fc55f9", + "0c3f5e9c-eddb-5ba2-88ee-06ae0221a53d", + "20b8b77d-e450-550b-b1ff-55d3317f59a6", + "24652d54-00f4-59ae-96fb-f7adbfa4a939", + "5c9fc73f-f915-52bf-a82d-9c7fe2274ecc", + "3884ad58-4d63-589a-be98-b8ab1ddf3b93", + "cedbcc19-3a5a-5bae-9973-f8e158188de7", + "1f2f1045-a811-5e42-b31e-b433e384fc79", + "b307ab54-c79d-58ca-a3b2-d1b1e325bfc3" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-crd.json b/src/boot/hwids/aa64/x1e80100-crd.json new file mode 100644 index 0000000000000..730da016ff14a --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-crd.json @@ -0,0 +1,16 @@ +{ + "type": "devicetree", + "name": "Qualcomm SCP_HAMOA", + "compatible": "qcom,x1e80100-crd", + "hwids": [ + "e73870a5-90e8-528d-93fd-3da59f78df18", + "2405af0b-d21d-5196-a228-4acffe7b3a10", + "8fa88c58-23eb-5aea-9ea7-c4a98ded7352", + "7faef667-9eb2-53f4-9764-26fe0e92fbff", + "b6d4eee8-30f3-564a-8246-e83935cf8dbb", + "4bb05d50-6c4f-525d-a9ec-8924afd6edea", + "339fc6d2-e0f4-5226-9dd9-62c4dc41881d", + "d52e3fb6-202c-5cfa-a27c-e3ffe15339fb", + "361b3d63-be90-52c2-8798-a05fbd68b773" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-dell-inspiron-14-plus-7441.json b/src/boot/hwids/aa64/x1e80100-dell-inspiron-14-plus-7441.json new file mode 100644 index 0000000000000..4db770b03c674 --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-dell-inspiron-14-plus-7441.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "Dell Inc. Inspiron", + "compatible": "dell,inspiron-14-plus-7441", + "hwids": [ + "4689ccaf-4f31-5146-887f-ca965da0f28a", + "e4c9fe83-73ba-5160-bc18-57d4a98e960d", + "efc06900-f603-5944-88e5-4de722816f91", + "90117b25-1646-515b-bfeb-286e74f2a1e8", + "c1190be1-8ed5-50f1-9097-2a73ad9c4eb1", + "0d9ce3bc-620c-5209-9e82-7382cb6cffcd", + "ff394805-0b5f-52f6-9e1d-afb1d2bee411", + "07c6477a-7ef7-56c7-91d9-73d23295b0c0", + "a66b1244-0027-5451-a96a-dfcfc42ab892", + "ef84110e-bd09-5f0f-a3dd-7995b4a3a706", + "07c6bbd9-caf8-5025-84d8-4efdb790f663", + "bea2e67a-b660-5044-8acd-0d28e8c2e974", + "8548ce7c-fdf3-55d0-95ba-606ca8db50da" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-dell-latitude-7455.json b/src/boot/hwids/aa64/x1e80100-dell-latitude-7455.json new file mode 100644 index 0000000000000..8ea6cf91081f4 --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-dell-latitude-7455.json @@ -0,0 +1,17 @@ +{ + "type": "devicetree", + "name": "Dell Inc. Latitude", + "compatible": "dell,latitude-7455", + "hwids": [ + "903e3a6f-e14b-5643-9d55-244f917aadb6", + "59e5c810-9e60-5a89-8665-db36c56b34d6", + "2b9277cd-85b1-51ee-9a38-d477632532da", + "6e01222b-b2aa-531e-b95f-0e4b2a063364", + "93055898-8c85-50e7-adde-8115f194579a", + "b3e5b59d-84ae-597d-9222-8a4d48480bc3", + "4f73f73b-e639-5353-bbf7-d851e48f18fc", + "68822228-a3e0-5b12-942d-9408751405d1", + "683e4579-8440-5bc1-89ac-dfcd7c25b307", + "fb7493ec-9634-5c5a-9f26-69cbf9b92460" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-dell-xps13-9345.json b/src/boot/hwids/aa64/x1e80100-dell-xps13-9345.json new file mode 100644 index 0000000000000..39dcbdefe6f4a --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-dell-xps13-9345.json @@ -0,0 +1,18 @@ +{ + "type": "devicetree", + "name": "Dell Inc. XPS", + "compatible": "dell,xps13-9345", + "hwids": [ + "eedeb5d9-1a0e-56e6-9137-eb6a723e58d1", + "1eb87d70-2f37-5f18-85de-30e46c17d540", + "1d1baf60-e2f3-5821-9d98-19a131bf8d93", + "7c7c2920-cb59-56ad-bc8a-939e803b0192", + "940c6349-f0a5-54ba-8deb-10e709e0b76c", + "3b9a1d76-f2e8-52e8-84de-14c5942b3d41", + "3c2649a7-2275-5130-a0c4-cc5f9809a2c1", + "36e8dd88-512d-5a74-86a4-039333f9e15a", + "e656b5f2-69c3-55da-bf22-4dd58d5f6d4f", + "bc685cec-e979-5cb9-bf02-e15586c7cb4b", + "81972cb8-6fc7-5e08-b140-b0063ed4fefa" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-hp-elitebook-ultra-g1q.json b/src/boot/hwids/aa64/x1e80100-hp-elitebook-ultra-g1q.json new file mode 100644 index 0000000000000..c81a485d647a9 --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-hp-elitebook-ultra-g1q.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "HP 103C_5336AN HP EliteBook Ultra", + "compatible": "hp,elitebook-ultra-g1q", + "hwids": [ + "ba2ddd3d-a06b-5b1f-9b2a-ce58f748486c", + "9145c311-f1b1-5f0f-902d-f6828baf8c46", + "5275e89b-e839-589e-9e90-e1bd6854255b", + "7bfc4a0e-15c1-58b3-b27b-4e5f60d4397e", + "a3c9ef57-67ab-5f75-a4cb-48cb7475b025", + "72a81f9e-c30b-5bf0-8449-948f8e593e92", + "829d699c-f082-5835-967a-8e7022cb20b5", + "25f49237-b3b4-58b2-9e58-6cc379781901", + "07be634a-0442-51fb-8a77-ecb370b5262b", + "e4944bcc-a1c3-540e-b400-cd91953b7ba9", + "ec4cdb9c-e6ff-581c-ac22-d597b5e880a2", + "b7f376e9-f5f8-5718-b00e-6bd7c265aeab", + "5473ba61-2807-585b-b2ac-f0366d84bdc0" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-hp-omnibook-x14.json b/src/boot/hwids/aa64/x1e80100-hp-omnibook-x14.json new file mode 100644 index 0000000000000..7f5302b7a5192 --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-hp-omnibook-x14.json @@ -0,0 +1,17 @@ +{ + "type": "devicetree", + "name": "HP 103C_5335M8 HP OmniBook X", + "compatible": "hp,omnibook-x14", + "hwids": [ + "045dfd0f-068b-5e57-86bd-f41b4b906006", + "ca5dab4f-a301-53c6-b753-c2db56172e0a", + "811126e6-4aee-5f9e-827d-d0f12f6a6f00", + "6a4511bc-0a3b-5b10-9c8b-dbcb834ecd83", + "abb2ffec-2acd-5750-8dfd-c3845fd4bf2a", + "1a192aee-2cfd-5ab5-95f9-8093218a48ef", + "eaab52c6-ed22-5e1b-b788-fc5a0531291d", + "848aeb1d-302b-5b6b-9109-0f4632535915", + "54500b82-f7ae-592d-ae68-8c8e362a1475", + "68d24be5-01b6-5d88-83fb-df2bcfa879aa" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-lenovo-yoga-slim7x.json b/src/boot/hwids/aa64/x1e80100-lenovo-yoga-slim7x.json new file mode 100644 index 0000000000000..e2887382f1c44 --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-lenovo-yoga-slim7x.json @@ -0,0 +1,18 @@ +{ + "type": "devicetree", + "name": "LENOVO Yoga Slim 7 14Q8X9", + "compatible": "lenovo,yoga-slim7x", + "hwids": [ + "3fb1e5ba-05cd-5153-ad64-1d8bc6dc7a1b", + "d99f6cb2-4a96-5e4a-8e29-19d52dfc2870", + "6d53c38f-6adb-578b-a418-2abda4d8485d", + "8073dbed-501f-5f5e-a619-4cdd9c00e865", + "d27cf20e-e185-578e-bd46-f4cc3a718bb2", + "8477f828-512b-56cf-af55-c711a6831551", + "f7f92b85-ff01-5e93-a453-c7f91029aa55", + "0700776d-0de7-5ea7-b9bf-77e0454d35e1", + "ee39b629-4187-5ff7-84c0-e354555562cd", + "fdb12a4f-1e8b-524e-97b5-feef23a8a8da", + "63429d43-c970-570d-aaa7-54300924e0c5" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-microsoft-denali.json b/src/boot/hwids/aa64/x1e80100-microsoft-denali.json new file mode 100644 index 0000000000000..9f9108365f981 --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-microsoft-denali.json @@ -0,0 +1,27 @@ +{ + "type": "devicetree", + "name": "Microsoft Corporation Surface", + "compatible": "microsoft,denali-oled", + "hwids": [ + "66f9d954-5c66-5577-b3e4-e3f14f87d2ff", + "5a384f15-464d-5da8-9311-a2c021759afc", + "14b96570-4bc4-541a-9aef-1b7e2b61d7cd", + "aca467c0-5fc2-59ad-8ed5-1b7a0988d11c", + "95971fb3-d478-591f-9ea3-eb0af0d1dfb5", + "c9c14db9-2b61-597a-a4ba-84397fe75f63", + "7cef06f5-e7e6-56d7-b123-a6d640a5d302", + "48b86a5e-1955-5799-9577-150f9e1a69e4", + "06128fee-87dc-50f6-8a3f-97cd9a6d8bf6", + "84b2e1d1-e695-5f41-8c41-cf1f059c616a", + "16a47337-1f8b-5bd3-b3bd-8e50b31cb1c9", + "01bf1e61-d2e0-518b-bb46-eb4d1f2b1af1", + "584a5084-15f2-5d20-917b-57f299e61f7e", + "64fbb7cb-3c5b-5fd7-a361-41d1d0ef2ff2", + "fa26249f-6748-5ff3-8f78-b9cf9ab4ed2f", + "a362faea-8d41-5642-a48e-c0349d96ad60", + "fdc060ef-c134-5735-8b51-bfb157640a5c", + "d752a22b-1fd8-53c3-89ef-8ca95618134a", + "ca2ff828-b404-5253-9e0e-579c93bfb059", + "2ea92a70-ac64-51f7-a395-dc86b06f4e0a" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-microsoft-romulus13.json b/src/boot/hwids/aa64/x1e80100-microsoft-romulus13.json new file mode 100644 index 0000000000000..8bbd0539433d0 --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-microsoft-romulus13.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "Microsoft Corporation Surface", + "compatible": "microsoft,romulus13", + "hwids": [ + "4ecd5e53-42ea-51a3-9602-aecdfee5c09d", + "53368ca9-12d5-5ee1-820b-ce979fa2cb0b", + "cb196e28-20bc-5e78-93f1-0ac41726bcf8", + "fdfca0f3-41b6-5872-a2ea-53539fd5160c", + "11696377-327d-5ad1-b01d-02a7dbb9b99a", + "892e90c9-31e3-5131-a217-a02632dba5e9", + "786c71b6-f60e-51c7-9ddc-f2999b75a3c5", + "f0d12ad9-f530-5b56-96d8-897dd704059e", + "3c329240-a447-5ec5-b79b-d1149420ac62", + "224ba2ff-14c1-5b33-ac10-079ccc217be2", + "924900a0-9be2-53ca-90d7-b0e38827f5c5", + "95c06fde-19b0-55dc-9ca6-55403bae23f5", + "c735618b-d526-5f71-9651-8d149340d620" + ] +} diff --git a/src/boot/hwids/aa64/x1e80100-microsoft-romulus15.json b/src/boot/hwids/aa64/x1e80100-microsoft-romulus15.json new file mode 100644 index 0000000000000..d53ea24e400bb --- /dev/null +++ b/src/boot/hwids/aa64/x1e80100-microsoft-romulus15.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "Microsoft Corporation Surface", + "compatible": "microsoft,romulus15", + "hwids": [ + "e56cd9fa-d992-5947-9f80-82345827e8e6", + "e1fbd53f-3738-5fa6-aa7b-5ae319663d6b", + "e4cef54f-d5b2-56b1-8aa0-07b48c3deedf", + "ebce3085-12c1-58f3-9456-ccdf741a1538", + "f91b1a95-926c-5fd7-9826-4a101e142f97", + "892e90c9-31e3-5131-a217-a02632dba5e9", + "27ec66e4-3f81-5c06-997e-e1ea0a98b8a1", + "90482ef5-831d-5069-8d40-92d339a75c77", + "3c329240-a447-5ec5-b79b-d1149420ac62", + "224ba2ff-14c1-5b33-ac10-079ccc217be2", + "924900a0-9be2-53ca-90d7-b0e38827f5c5", + "109cd8d8-6086-50b6-9c2d-d0aca0f418da", + "c735618b-d526-5f71-9651-8d149340d620" + ] +} diff --git a/src/boot/hwids/aa64/x1p42100-acer-swift-go14-01.json b/src/boot/hwids/aa64/x1p42100-acer-swift-go14-01.json new file mode 100644 index 0000000000000..d0d447d86d907 --- /dev/null +++ b/src/boot/hwids/aa64/x1p42100-acer-swift-go14-01.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "Acer Swift Go 14 AI", + "compatible": "acer,swift-go14-01", + "hwids": [ + "795d7de3-0e1e-5976-b0d2-2216375df442", + "327e7f1e-4a10-5fe1-8b4f-3c235ea128d9", + "627edbb7-fbdb-5de7-8382-f7abcbf9928a", + "79dd27da-6d6b-57da-8fba-b97b489be61d", + "3bd63b6b-dfa3-5314-9846-76363ae49445", + "03f8cc3c-5d61-5ea0-aeb1-b3142528bce2", + "3f49141c-d8fb-5a6f-8b4a-074a2397874d", + "7c107a7f-2d77-51aa-aef8-8d777e26ffbc", + "2e71fd01-d5f5-5c67-9abc-c47c10f08626", + "6abb9980-4909-5d87-95a4-871129047302", + "a07b1705-c904-5a73-b97a-f46bc2dd8400", + "e66990c4-b390-59c3-a580-149c73cfe585", + "69670c5e-509d-5193-9f0a-882a00180b1a" + ] +} diff --git a/src/boot/hwids/aa64/x1p42100-asus-vivobook-s15.json b/src/boot/hwids/aa64/x1p42100-asus-vivobook-s15.json new file mode 100644 index 0000000000000..0e8d23a6736ed --- /dev/null +++ b/src/boot/hwids/aa64/x1p42100-asus-vivobook-s15.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "ASUSTeK COMPUTER INC. ASUS Vivobook S 15", + "compatible": "asus,vivobook-s15-x1p4", + "hwids": [ + "c4575028-e938-504d-850d-f36fbb6b300d", + "920bc3d2-69f0-5705-83d8-3e0019ab5223", + "ac5b6293-c2ac-5e82-98f2-0475efbc11fc", + "0c926a29-b883-5482-aea7-ddda46084840", + "c5fed9eb-6a7b-5378-b093-484d9322150b", + "c9cd4052-8d61-5a5b-ad16-b9f12a993822", + "be521b64-7759-5835-a0b2-c10300a191fa", + "24652d54-00f4-59ae-96fb-f7adbfa4a939", + "52499218-2ce9-5d3c-b276-e3cee52f2f7a", + "172515ff-feb1-5f61-bc14-116a23ea70da", + "f6b44a44-c913-572c-8c9c-0ff0f9c010f0", + "2ad07794-e07a-55da-b1a1-b9b56ed4cdcd", + "ab36b5d3-4e77-58be-9d55-939c7e6734c6" + ] +} diff --git a/src/boot/hwids/aa64/x1p42100-asus-zenbook-a14.json b/src/boot/hwids/aa64/x1p42100-asus-zenbook-a14.json new file mode 100644 index 0000000000000..5ac0b0a0ff24e --- /dev/null +++ b/src/boot/hwids/aa64/x1p42100-asus-zenbook-a14.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "ASUSTeK COMPUTER INC. ASUS Zenbook A14", + "compatible": "asus,zenbook-a14-ux3407qa-lcd", + "hwids": [ + "c6d100b1-9de7-5636-a3cc-f28fa46fb926", + "85f50d27-f4cb-54df-9aae-f6f09700b132", + "8a72a2ea-3971-55e3-b982-cb6b82868f0e", + "a034eff6-2891-5de0-b0db-9c5ff350b968", + "a5b5becc-2a55-5017-b159-087f3846da26", + "59793319-4344-5755-9194-17f29f030d5d", + "14643426-35fa-5a20-bc31-3b6095d2b451", + "24652d54-00f4-59ae-96fb-f7adbfa4a939", + "a8425d85-573a-56f8-9d9d-98a196d712fa", + "7e6d3df4-bf5f-59ab-ad7b-e00677c0ae5a", + "00bc5418-646d-5bab-b772-4efb06f4e7f1", + "3ca4e2d9-50df-51a5-a87f-4636d425e97d", + "0b8b84da-462b-5620-bdb5-70272e0ddd94" + ] +} diff --git a/src/boot/hwids/aa64/x1p42100-hp-omnibook-x14.json b/src/boot/hwids/aa64/x1p42100-hp-omnibook-x14.json new file mode 100644 index 0000000000000..0ea56fb5c202f --- /dev/null +++ b/src/boot/hwids/aa64/x1p42100-hp-omnibook-x14.json @@ -0,0 +1,17 @@ +{ + "type": "devicetree", + "name": "HP 103C_5335M8 HP OmniBook X", + "compatible": "hp,omnibook-x14-fe1", + "hwids": [ + "3fdb269e-c359-5004-b4e3-8541ef3580c9", + "29a43fda-41e4-5db5-b6d3-012d0674d84f", + "9c3e4a5b-8fa2-5045-9c4f-441307fa3b08", + "271cca67-bd9e-5dd6-8e5f-b5f6b969da97", + "612e268b-1233-5af6-b478-5596d3573d35", + "1d8361a7-1b3a-5915-8a35-03a3c1cf9c2e", + "6fe7a469-b01a-5530-9a34-2dd089e0e006", + "5120f011-8f7e-5ca5-9143-de545e288712", + "d4db0558-de1b-562b-bc23-3e0caadd4c94", + "38e7030f-993f-5bda-9ce8-ae13a13d7b5a" + ] +} diff --git a/src/boot/hwids/aa64/x1p42100-lenovo-ideapad-5-2in1.json b/src/boot/hwids/aa64/x1p42100-lenovo-ideapad-5-2in1.json new file mode 100644 index 0000000000000..40f4a7387439a --- /dev/null +++ b/src/boot/hwids/aa64/x1p42100-lenovo-ideapad-5-2in1.json @@ -0,0 +1,25 @@ +{ + "type": "devicetree", + "name": "LENOVO IdeaPad 5 2-in-1 14Q8X9", + "compatible": "lenovo,ideapad-5-2in1", + "hwids": [ + "db0cb253-2dc7-5164-8ce7-6ed312c1dd9b", + "72fe9329-cc32-5032-8714-d7ec08a9d441", + "aa4cb99b-c4ff-56a4-8b63-ab59db887972", + "d622845f-0305-5b33-b081-b7519488ed65", + "9b723570-d493-5541-ae58-49087512f816", + "eb458c6d-45b2-5299-95b7-87723235240e", + "920bf110-b027-51fc-97e5-bb9b46e78c75", + "9276913a-a9da-5237-b4e8-c8502197264a", + "a8a28ecb-200f-59c6-8fe3-62fa670fb80d", + "24248bed-dbd2-5e4f-ba41-4e03a09b904a", + "68320834-1316-5dad-babf-ae31cc3ff58c", + "d15b437b-55bf-5bd8-8a88-eb4b9e54cb97", + "32b7e294-a252-5a72-b3c6-6197f08c64f1", + "71d86d4d-02f8-5566-a7a1-529cef184b7e", + "6de5d951-d755-576b-bd09-c5cf66b27234", + "63fd3926-001c-5392-9c34-fdd477025bd8", + "4ff87ce0-b6ce-5e37-899b-389129fc099e", + "99431f53-09a1-5869-be79-65e2fa3f341d" + ] +} diff --git a/src/boot/hwids/aa64/x1p42100-lenovo-ideapad-slim-5-oled.json b/src/boot/hwids/aa64/x1p42100-lenovo-ideapad-slim-5-oled.json new file mode 100644 index 0000000000000..e05af45343104 --- /dev/null +++ b/src/boot/hwids/aa64/x1p42100-lenovo-ideapad-slim-5-oled.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "LENOVO IdeaPad Slim 5 14Q8X9 (OLED)", + "compatible": "lenovo,ideapad-slim5x-oled", + "hwids": [ + "6dede08b-32e0-520f-b3b5-6a8da842a919", + "bf1bc4fc-ddc8-5c48-8e31-8f8ff2418596", + "c1734f8b-41a9-5397-ae31-522795aaec18", + "28fc3712-01ae-5662-af6c-1d5eaed5f3db", + "eaa30ed1-62b1-51e2-9d1f-8308a1202657", + "8996d12b-d951-5792-92b5-4a8ac7593ec9", + "035da45a-624c-54a8-871d-a26f23330491", + "9c8eb132-0805-5a67-acae-5e24dcf34fa3", + "0ee69b2b-77f1-5424-a81a-f0f47ddf5dce", + "9b4980e7-d4d9-5f2f-9462-11dce522e7d3", + "f4fb1cdf-5465-57ef-9328-e1dec46b22ee", + "5c96e271-228e-573f-8d54-81ddc8df357f", + "3dc089c0-edd4-5ab2-bd70-537fb1acd96a" + ] +} diff --git a/src/boot/hwids/aa64/x1p42100-lenovo-thinkbook-16.json b/src/boot/hwids/aa64/x1p42100-lenovo-thinkbook-16.json new file mode 100644 index 0000000000000..58a775f8978ce --- /dev/null +++ b/src/boot/hwids/aa64/x1p42100-lenovo-thinkbook-16.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "LENOVO ThinkBook 16 G7 QOY", + "compatible": "lenovo,thinkbook-16", + "hwids": [ + "e55d76ae-2ca4-543e-9144-86fdf0b0bf36", + "85f8bd67-fcad-50b8-8c67-0dbb786353b7", + "af0d539c-b28f-5a4d-b7a1-3640e2c4535f", + "ee9060fc-7565-54a3-ad4d-d6c637e9672d", + "11788bd3-612e-5b33-8d26-b8dd53d88ba0", + "894d8a8c-ab94-5193-ab7e-544927bdc40b", + "653dcb5a-527b-554c-921b-e4d93e112048", + "4279ea98-d0f8-588a-bb60-546a9bdefbbe", + "8442079a-81e2-5006-9aa0-f9c88bac9288", + "43977c23-c88a-5355-95ee-78667c5c4f1d", + "1f483d31-703d-5688-92a4-a72daaef38ec", + "e982f8e2-1687-5207-8674-44eea11e4b08", + "f81a6614-f23c-591a-b665-e19886a3d55e" + ] +} diff --git a/src/boot/hwids/aa64/x1p42100-microsoft-surface-pro-12in.json b/src/boot/hwids/aa64/x1p42100-microsoft-surface-pro-12in.json new file mode 100644 index 0000000000000..39c56dc483331 --- /dev/null +++ b/src/boot/hwids/aa64/x1p42100-microsoft-surface-pro-12in.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "Microsoft Corporation Surface", + "compatible": "microsoft,sp12", + "hwids": [ + "38f75a5d-c3fc-5306-bb2e-bbb516e1ea91", + "57ba7c1d-8e88-59a9-82c9-044e765788e7", + "10cb324b-df3c-5081-bc7d-b5cc6795eeef", + "7c967d92-123c-5bfc-9fe8-430e6bba5ecb", + "277a48e4-924d-5ab0-81b9-d29c2ff47ad5", + "0a3f15dc-fcde-5159-baf8-1b55f5e1ae57", + "d17ea34a-39dc-5a14-8046-f47f082b4065", + "94996ddd-cdc3-5617-a625-3052726c4654", + "ef716fc4-b1b0-595c-b66e-1e3df6a0dc1d", + "b3930262-2a19-5f3f-adf0-b34629632fbb", + "2cdac0d6-d408-54ab-bf1e-a124b6c5425b", + "abbf3314-7dde-5966-980c-a1be8cf163b8", + "587dab3d-0f40-5962-b043-6fc86e41cba2" + ] +} diff --git a/src/boot/hwids/aa64/x1p64100-acer-swift-sf14-11.json b/src/boot/hwids/aa64/x1p64100-acer-swift-sf14-11.json new file mode 100644 index 0000000000000..a29c4a01f10f2 --- /dev/null +++ b/src/boot/hwids/aa64/x1p64100-acer-swift-sf14-11.json @@ -0,0 +1,20 @@ +{ + "type": "devicetree", + "name": "Acer Swift 14 AI", + "compatible": "acer,swift-sf14-11", + "hwids": [ + "27d2dba8-e6f1-5c19-ba1c-c25a4744c161", + "676172cd-d185-53ed-aac6-245d0caa02c4", + "20c2cf2f-231c-5d02-ae9b-c837ab5653ed", + "f2ea7095-999d-5e5b-8f2a-4b636a1e399f", + "331d7526-8b88-5923-bf98-450cf3ea82a4", + "98ad068a-f812-5f13-920c-3ff3d34d263f", + "3f49141c-d8fb-5a6f-8b4a-074a2397874d", + "7c107a7f-2d77-51aa-aef8-8d777e26ffbc", + "6a12c9bc-bcfa-5448-9f66-4159dbe8c326", + "f55122fb-303f-58bc-b342-6ef653956d1d", + "ee8fa049-e5f4-51e4-89d8-89a0140b8f38", + "058c0739-1843-5a10-bab7-fae8aaf30add", + "100917f4-9c0a-5ac3-a297-794222da9bc9" + ] +} From 68aef1be1587f597fddc36a5beb4eeecca7ddd55 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 24 Feb 2026 21:09:26 +0000 Subject: [PATCH 14/26] Install hwids in /usr/lib/systemd/boot/hwids// These are meant to ship with ukify, in the same package, so install them when ukify is enabled. Given they are hardware-specific, use a per-arch subdirectory to make it easier to enable them by default in ukify. --- src/boot/meson.build | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/boot/meson.build b/src/boot/meson.build index ac84fbb89f09d..06c8146a9ebcb 100644 --- a/src/boot/meson.build +++ b/src/boot/meson.build @@ -35,6 +35,9 @@ if conf.get('ENABLE_UKIFY') == 1 meson.current_source_dir()/'hwids/test'], capture : true, build_by_default : want_tests != 'false') + install_subdir('hwids', + install_dir : libexecdir / 'boot/', + exclude_directories : ['test']) else test_hwids_section_c = [] endif From 6d5018487c3d53f5bba146f20f69063183bf0077 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 24 Feb 2026 21:56:48 +0000 Subject: [PATCH 15/26] man: fix line breaking in ukify manpage Follow-up for 098e44d03cf1968434990b7d62a0e6221fc675e0 --- man/ukify.xml | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/man/ukify.xml b/man/ukify.xml index 7462c5c92f1c9..a3fbbca93f565 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -441,17 +441,20 @@ HWIDs=PATH - The hardware ID device table (the .hwids section). The argument is a - path to a directory with JSON HWID device description files. Each file needs to contain a single JSON object with a name, compatible and hwids keys. The name and compatible keys must have string values and the hwids key must have a list of strings as value, where the strings must be valid UUIDs that represent CHIDs/HWIDs. + The hardware ID device table (the .hwids section). The argument + is a path to a directory with JSON HWID device description files. Each file needs to contain a + single JSON object with a name, compatible and + hwids keys. The name and compatible keys + must have string values and the hwids key must have a list of strings as value, + where the strings must be valid UUIDs that represent CHIDs/HWIDs. Example: - Here Example Laptop 16 Gen 7 is the device name (as defined by the manufacturer), - example,laptop-16-g7 is the compatible (as defined by the kernel) and hwids - is an array of CHIDs/HWIDs (extracted i.e. from fwupdtool hwids output). - If not specified, the section will not be present. It is recommended to specify this parameter if automatically - selectable DeviceTrees are to be used. - - + Here Example Laptop 16 Gen 7 is the device name (as defined + by the manufacturer), example,laptop-16-g7 is the compatible + (as defined by the kernel) and hwids is an array of CHIDs/HWIDs (extracted i.e. + from fwupdtool hwids output). If not specified, the section will not be + present. It is recommended to specify this parameter if automatically selectable DeviceTrees are + to be used. From 117ec9db7e71357837190833d7731bc61ae54ecc Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Tue, 24 Feb 2026 22:00:35 +0000 Subject: [PATCH 16/26] ukify: default --hwids to /usr/lib/systemd/boot/hwids// If the option is not manually specified, and the hwids directory exists for the target EFI architecture, default to it. Allow passing '' to skip. Fixes https://github.com/systemd/systemd/issues/40542 --- man/ukify.xml | 8 +++++--- src/ukify/ukify.py | 13 +++++++++---- 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/man/ukify.xml b/man/ukify.xml index a3fbbca93f565..0e818dbc4fb90 100644 --- a/man/ukify.xml +++ b/man/ukify.xml @@ -452,9 +452,11 @@ Here Example Laptop 16 Gen 7 is the device name (as defined by the manufacturer), example,laptop-16-g7 is the compatible (as defined by the kernel) and hwids is an array of CHIDs/HWIDs (extracted i.e. - from fwupdtool hwids output). If not specified, the section will not be - present. It is recommended to specify this parameter if automatically selectable DeviceTrees are - to be used. + from fwupdtool hwids output). If not specified, and the + /usr/lib/systemd/boot/hwids/[EFI_ARCH]/ directory exists, then the section will + be automatically populated from that directory (specify an empty string as the parameter for this + option to disable this behavior), otherwise it will not be present. It is recommended to specify + this parameter if automatically selectable DeviceTrees are to be used. diff --git a/src/ukify/ukify.py b/src/ukify/ukify.py index b7542c7eca305..6f492bc9ba07f 100755 --- a/src/ukify/ukify.py +++ b/src/ukify/ukify.py @@ -273,7 +273,7 @@ class UkifyConfig: devicetree: Path devicetree_auto: list[Path] efi_arch: str - hwids: Path + hwids: Union[str, Path, None] initrd: list[Path] efifw: list[Path] join_profiles: list[Path] @@ -1397,8 +1397,14 @@ def make_uki(opts: UkifyConfig) -> None: hwids = None - if opts.hwids is not None: - hwids = parse_hwid_dir(opts.hwids) + if opts.hwids != '': + if opts.hwids is not None: + hwids = parse_hwid_dir(Path(opts.hwids)) + else: + hwids_dir = Path(f'/tmp/s/usr/lib/systemd/boot/hwids/{opts.efi_arch}') + if hwids_dir.is_dir(): + print(f'Automatically building .hwids section from {hwids_dir}', file=sys.stderr) + hwids = parse_hwid_dir(hwids_dir) sections = [ # name, content, measure? @@ -1994,7 +2000,6 @@ def config_example(self) -> tuple[Optional[str], Optional[str], Optional[str]]: ConfigItem( '--hwids', metavar='DIR', - type=Path, help='Directory with HWID text files [.hwids section]', config_key='UKI/HWIDs', ), From 3b0430d0bf020f7bd0a2d68ebe3b065c35a0cf18 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 25 Feb 2026 15:51:27 +0000 Subject: [PATCH 17/26] NEWS: list hwids change --- NEWS | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/NEWS b/NEWS index 9e38b7faa31f8..7161e7aa5b4dd 100644 --- a/NEWS +++ b/NEWS @@ -111,6 +111,15 @@ CHANGES WITH 260 in spe: * A new 'verity' NVPCR has been added. Various components measure dm-verity images to it upon loading. + * A canonical set of hwid files for automated DeviceTree mapping in + UKIs is now shipped under /usr/lib/systemd/boot/hwids//. + Users and developers are welcome to contribute definitions for + their specific devices, so that UKIs can automatically find and load + the appropriate DTB on boot, without requiring per-devices and + per-kernel images. ukify now uses these definition automatically if + present on the system at build time. A first set of hwid files for + arm64 Snapdragon devices has been imported. + Changes in the system and user managers: * Systemd now uses ANSI CSI 18 sequence to query terminal size. This From c8c50243d9e2ebf90d04570aafbb25809bbfc36e Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 25 Feb 2026 15:52:48 +0000 Subject: [PATCH 18/26] NEWS: add contributors list --- NEWS | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/NEWS b/NEWS index 7161e7aa5b4dd..354dd78125fa6 100644 --- a/NEWS +++ b/NEWS @@ -333,6 +333,34 @@ CHANGES WITH 260 in spe: * getty@.service gained an [Install] and must now be explicitly enabled to be active. + Contributions from: Adam Williamson, Adrian Vovk, Alessandro Astone, + Alexis-Emmanuel Haeringer, Allison Karlitskaya, André Paiusco, + Antonio Alvarez Feijoo, Artur Kowalski, AshishKumar Mishra, + Baurzhan Muftakhidinov, Ben Boeckel, Betacentury, + Carlos Peón Costa, Carolina Jubran, Cathy Hu, Chris Down, + Chris Lindee, Christian Brauner, Christian Glombek, + Christian Hesse, Christopher Head, Daan De Meyer, Daniel Foster, + Daniel Rusek, David Santamaría Rogado, David Tardon, + Derek J. Clark, Dirk Su, Dmitry V. Levin, Dmytro Bagrii, + Ettore Atalan, Florian Klink, Franck Bui, Govind Venugopal, + Graham Reed, Guiorgy, Han Sol Jin, Hans de Goede, Heran Yang, + Ivan Kruglov, Ivan Shapovalov, James Le Cuirot, Jeff Layton, + Jeremy Kerr, Jian Wen, Jim Spentzos, Julian Sparber, + Jörg Behrmann, Kai Lüke, Lennart Poettering, Louis Stagg, + Luca Boccassi, Lucas Werkmeister, Luiz Amaral, Marc Pervaz Boocha, + Mario Limonciello (AMD), Matt Fleming, Matteo Croce, + Matthijs Kooijman, Max Gautier, Maximilian Bosch, Miao Wang, + Michael Vogt, Michal Sekletár, Mike Gilbert, Mike Yuan, + Nandakumar Raghavan, Nick Rosbrook, Nicolas Dorier, Oblivionsage, + Oleksandr Andrushchenko, Pablo Fraile Alonso, Peter Oliver, + Philip Withnall, Popax21, Ryan Zeigler, Sriman Achanta, + Tabis Kabis, Thorsten Kukuk, Tobias Heider, Tobias Stoeckmann, + Ulrich Ölmann, Usama Arif, Vitaly Kuznetsov, Vunny Sodhi, + Yaping Li, Yaron Shahrabani, Yu Watanabe, ZauberNerd, + Zbigniew Jędrzejewski-Szmek, Zongyuan He, andre4ik3, calm329, cdown, + cyclopentane, francescoza6, gvenugo3, kiamvdd, nikstur, novenary, + r-vdp, safforddr, scarlet-storm, sd416, seidlerv, smosia, tuhaowen, + zefr0x CHANGES WITH 259: From 28165f82a4db61da6574fb6931d2aa2b227adc1c Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 25 Feb 2026 15:52:57 +0000 Subject: [PATCH 19/26] NEWS: add date and place --- NEWS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/NEWS b/NEWS index 354dd78125fa6..491b698e22cba 100644 --- a/NEWS +++ b/NEWS @@ -362,6 +362,8 @@ CHANGES WITH 260 in spe: r-vdp, safforddr, scarlet-storm, sd416, seidlerv, smosia, tuhaowen, zefr0x + — Edinburgh, 2026/02/25 + CHANGES WITH 259: Announcements of Future Feature Removals and Incompatible Changes: From 8a048548a722da1685602d71c3b9f91192bea9a3 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 25 Feb 2026 15:53:38 +0000 Subject: [PATCH 20/26] meson: bump library sonames for v260~rc1 --- meson.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meson.build b/meson.build index e021b568ca53f..a6ec8e11ac446 100644 --- a/meson.build +++ b/meson.build @@ -26,8 +26,8 @@ else project_minor_version = '0' endif -libsystemd_version = '0.42.0' -libudev_version = '1.7.12' +libsystemd_version = '0.43.0' +libudev_version = '1.7.13' conf = configuration_data() conf.set_quoted('PROJECT_URL', 'https://systemd.io/') From 46efee7d2bb7055917c7eb7592fb8f249fc8b4b3 Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 25 Feb 2026 15:54:00 +0000 Subject: [PATCH 21/26] meson: bump version to v260~rc1 --- meson.version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meson.version b/meson.version index 6a3c2fa689545..b17ac6a71486d 100644 --- a/meson.version +++ b/meson.version @@ -1 +1 @@ -260~devel +260~rc1 From 756f39c2397b627fee3b5ded46c1039cff3d9b2e Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 25 Feb 2026 18:35:06 +0000 Subject: [PATCH 22/26] test: delete one more test artifact on shutdown Hopefully fixes: [ 154.500726] TEST-13-NSPAWN.sh[4351]: + tar -C /var/tmp/mangletest/ -cvzf /var/tmp/mangletest.tar.gz mangletest-0.1 [ 154.504485] TEST-13-NSPAWN.sh[5402]: mangletest-0.1/ [ 154.506908] TEST-13-NSPAWN.sh[5402]: mangletest-0.1/usr/ [ 154.508713] TEST-13-NSPAWN.sh[5402]: mangletest-0.1/usr/lib/ [ 154.509208] TEST-13-NSPAWN.sh[5402]: mangletest-0.1/usr/lib/os-release [ 154.509877] TEST-13-NSPAWN.sh[4351]: + run0 --pipe -u testuser importctl -m --user import-tar /var/tmp/mangletest.tar.gz [ 154.693870] TEST-13-NSPAWN.sh[5405]: Enqueued transfer job 9. Press C-c to continue download in background. [ 154.696371] TEST-13-NSPAWN.sh[5405]: Image 'mangletest' already exists. Fixes https://github.com/systemd/systemd/issues/40829 Follow-up for 4248b02c443de2981b2e8da199fdc63dc3121658 --- test/units/TEST-13-NSPAWN.unpriv.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/test/units/TEST-13-NSPAWN.unpriv.sh b/test/units/TEST-13-NSPAWN.unpriv.sh index b442c756c3e03..cbf332aa22093 100755 --- a/test/units/TEST-13-NSPAWN.unpriv.sh +++ b/test/units/TEST-13-NSPAWN.unpriv.sh @@ -21,6 +21,7 @@ at_exit() { rm -rf /home/testuser/.local/state/machines/wamms ||: rm -rf /home/testuser/.local/state/machines/inodetest ||: rm -rf /home/testuser/.local/state/machines/inodetest2 ||: + rm -rf /home/testuser/.local/state/machines/mangletest ||: machinectl terminate zurps ||: rm -f /etc/polkit-1/rules.d/registermachinetest.rules machinectl terminate nurps ||: From afaca649ad678031a46182b0cce667cbbbf47a6d Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 25 Feb 2026 18:57:59 +0000 Subject: [PATCH 23/26] man: fix typo Follow-up for 23115eeaf10 --- man/systemd-sysext.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/man/systemd-sysext.xml b/man/systemd-sysext.xml index d6bbc0141dfc3..c9a8f1ed017e1 100644 --- a/man/systemd-sysext.xml +++ b/man/systemd-sysext.xml @@ -378,7 +378,7 @@ for sysext and /etc/ for confext, ignore when the existing merged extensions already match what would be merged. By default the refresh is skipped when no changes are found. Note that changes done to an extension - directory while it's merged are ignored without this flag (unless an other extension got changed). + directory while it's merged are ignored without this flag (unless another extension got changed). Note that changing the contents while merged is also undefined behavior in overlayfs. From e9abcd9b260ac09d06605462ea73ff25d0c26c6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Wed, 25 Feb 2026 22:04:16 +0100 Subject: [PATCH 24/26] rpm/systemd-update-helper: use 'enqueue-marked-jobs' Without this, a warning is emitted on upgrades. Follow-up for c008f88dede789ce4572c21a2bca16ff7eede193. --- src/rpm/systemd-update-helper.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/rpm/systemd-update-helper.in b/src/rpm/systemd-update-helper.in index 6467326e359ce..9063a2cc3bdab 100755 --- a/src/rpm/systemd-update-helper.in +++ b/src/rpm/systemd-update-helper.in @@ -99,7 +99,7 @@ case "$command" in fi if [[ "$command" =~ restart ]]; then - systemctl reload-or-restart --marked + systemctl enqueue-marked-jobs fi ;; @@ -120,7 +120,7 @@ case "$command" in for user in $users; do SYSTEMD_BUS_TIMEOUT={{UPDATE_HELPER_USER_TIMEOUT_SEC}}s \ - systemctl --user -M "$user@" reload-or-restart --marked & + systemctl --user -M "$user@" enqueue-marked-jobs & done wait fi From 8fe3678af685dab827f1a22660ec2c337fb5e30c Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 25 Feb 2026 23:08:41 +0000 Subject: [PATCH 25/26] semaphore: switch to debian stable oldstable is close to moving to LTS so switch to stable --- .semaphore/semaphore-runner.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.semaphore/semaphore-runner.sh b/.semaphore/semaphore-runner.sh index 8c99b68156a30..171cac8e1c702 100755 --- a/.semaphore/semaphore-runner.sh +++ b/.semaphore/semaphore-runner.sh @@ -5,7 +5,7 @@ set -eux set -o pipefail DISTRO="${DISTRO:-debian}" -RELEASE="${RELEASE:-bookworm}" +RELEASE="${RELEASE:-trixie}" SALSA_URL="${SALSA_URL:-https://salsa.debian.org/systemd-team/systemd.git}" BRANCH="${BRANCH:-debian/master}" ARCH="${ARCH:-amd64}" From e27f740ba8c19db51de4a314d4afda4051631fde Mon Sep 17 00:00:00 2001 From: Luca Boccassi Date: Wed, 25 Feb 2026 23:12:28 +0000 Subject: [PATCH 26/26] mkosi: explicitly add mount package to build image MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some dependency changed in testing and it's not pulled in anymore: ‣ Running build script /home/runner/work/systemd/systemd/mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.build.chroot… /work/build-script: line 35: mount: command not found ‣ /work/build-script failed with non-zero exit code 127 ‣ (Maybe a program was not found or the script interpreter (e.g. bash) is not installed?) FAILED: [code=127] mkosi --- mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf b/mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf index 55d7b1d9045db..b3fd0836597cf 100644 --- a/mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf +++ b/mkosi/mkosi.images/build/mkosi.conf.d/debian-ubuntu/mkosi.conf @@ -12,3 +12,4 @@ Packages= git-core ?exact-name(libclang-rt-dev) dpkg-dev + mount