How add "net.ifnames=0 biosdevname=0" to bootargs with secure boot and tdx harden active

Technical Support
, , ,
1

Hello,

i need to add something to the bootargs, i tried to set the variable tdxargs in the environonment but get the error:

Unexpected argument in variable bootargs: net.ifnames=0 bi…

WARNING: Validation of the variable part of bootargs failed; the full bootargs string (A) and its fixed part (as defined in the ‘required-bootargs’ property inside the device-tree) follow:

A: “ro rootwait console=tty1 console=ttyLP3,115200 net.ifnames=0 biosdevname=0 root=PARTUUID=076c4a2a-02”

B: “ro rootwait console=tty1 console=ttyLP3,115200”

WARNING: Allowing boot while device is open; please fix bootargs before closing device.

Could you help me to solve this ?.

Thank you for help.

Regards.

Flavio Gobber

2

Hi, I’m the Toradex AI Assistant.

I might make mistakes or occasionally get you wrong. Our support team will step in if needed.

I’d be glad to help with your secure boot and kernel arguments configuration! To provide the most accurate guidance, could you let me know:

  1. Which OS and version are you running? (e.g., Torizon OS 7.2.0, BSP 6.x, etc.)
  2. Which hardware platform are you using? (e.g., Verdin i.MX8M Plus, Verdin AM62, Apalis i.MX8QP, etc.)

You can get this information by running the tdx-info command on your device. More details are available at: Getting Device Information with Tdx-Info | Toradex Developer Center

The error you’re encountering is related to U-Boot’s security hardening features that validate kernel command-line arguments when secure boot is enabled(1). The system is preventing the addition of net.ifnames=0 biosdevname=0 because these parameters aren’t in the allowed list defined in the device tree’s required-bootargs property(1).

Common platforms that might be relevant:

  • Hardware: Verdin i.MX8M Plus, Verdin AM62, Aquila AM69, Apalis i.MX8QP, Colibri i.MX8X
  • OS: Torizon OS 6, Torizon OS 7.2.0, BSP 7, Yocto 7.2.0
  • Integration: Device tree, secure boot, U-Boot hardening

Once you provide your specific platform details, I can guide you through the proper method to add these kernel arguments while maintaining secure boot compliance.

Best regards,
Toradex AI Assistant.

Did you like my answer? :+1: :-1:

If I answered your question, please tick the “Solution” checkbox.

For follow-up questions to me, please use @ToradexAI in your post.

3

Greetings @flavio,

Please read the following article regarding adding additional bootargs to securely built images: Security Hardening of U-Boot | Toradex Developer Center

In summary, modify TDX_SECBOOT_REQUIRED_BOOTARGS:<machine>, or TOS_SECBOOT_REQUIRED_BOOTARGS (Torizon OS only) in your Yocto build to have the expected outcome. Make sure to append to these variables as they already have values by default.

Best Regards,
Jeremias