Re: [PATCH 1/1] Secureboot: Disable initramfs debug shell


Jan Kiszka
 

On 19.03.21 08:20, Michael Adler wrote:
This closes a loophole introduced by the initramfs debug shell which is
enabled by default:

"The initramfs-tools package includes a debug shell in the initrds it
generates. If for example the initrd is unable to mount your root file
system, you will be dropped into this debug shell which has basic
commands available to help trace the problem and possibly fix it." [1]

[1] https://www.debian.org/releases/buster/amd64/release-notes/ch-upgrading.en.html#recovery-initrd

Signed-off-by: Michael Adler <michael.adler@...>
---
wic/qemu-amd64-efibootguard-secureboot.wks | 2 ++
wic/qemu-amd64-efibootguard.wks | 2 ++
wic/simatic-ipc227e-efibootguard.wks | 2 ++
wic/swupdate-partition.inc | 2 --
4 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/wic/qemu-amd64-efibootguard-secureboot.wks b/wic/qemu-amd64-efibootguard-secureboot.wks
index 9ccf501..ff351db 100644
--- a/wic/qemu-amd64-efibootguard-secureboot.wks
+++ b/wic/qemu-amd64-efibootguard-secureboot.wks
@@ -7,3 +7,5 @@ part --source efibootguard-boot --ondisk sda --size 32M --extra-space 0 --overhe
part --source efibootguard-boot --ondisk sda --size 32M --extra-space 0 --overhead-factor 1 --label BOOT1 --align 1024 --part-type=0700 --sourceparams "revision=1,unified-kernel=y,signwith=/usr/bin/sign_secure_image.sh"

include swupdate-partition.inc
+
+bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk panic=0"
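Review bot: the commit message says the debug shell is disabled but never names the mechanism; the only difference between this `--append` string and the ones added to the two non-secureboot images is the trailing `panic=0`, and a reader of the hunk alone cannot tell that this value is what keeps initramfs-tools from dropping into its shell. Suggest stating that in the commit message, and noting that `panic=` also has a kernel-side meaning (the reboot timeout after a kernel panic), so the choice of `0` should be justified rather than left implicit.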
diff --git a/wic/qemu-amd64-efibootguard.wks b/wic/qemu-amd64-efibootguard.wks
index a9a8446..6653068 100644
--- a/wic/qemu-amd64-efibootguard.wks
+++ b/wic/qemu-amd64-efibootguard.wks
@@ -2,3 +2,5 @@
# long-description: Disk image for qemu-amd64 with EFI Boot Guard and SWUpdate
include ebg-sysparts.inc
include swupdate-partition.inc
+
+bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk"
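Review bot: this hunk copies the `bootloader` line removed from `swupdate-partition.inc` into the image file verbatim, and the simatic image receives an identical copy, so the shared `console=tty0 console=ttyS0,115200 rootwait earlyprintk` string now lives in three places and will drift the first time one of them is edited. Consider keeping the common part in an include and letting only the secureboot image append its extra parameter.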
diff --git a/wic/simatic-ipc227e-efibootguard.wks b/wic/simatic-ipc227e-efibootguard.wks
index 74446d3..f6191bc 100644
--- a/wic/simatic-ipc227e-efibootguard.wks
+++ b/wic/simatic-ipc227e-efibootguard.wks
@@ -3,3 +3,5 @@

include ebg-sysparts.inc
include swupdate-partition.inc
+
+bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk"
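Review bot: this image keeps the original append string without `panic=0`, so the initramfs debug shell described in the commit message stays enabled on the ipc227e hardware target. If that is deliberate (the subject scopes the change to Secureboot), a sentence in the commit message saying so would spare the next reader from wondering whether the parameter was forgotten here.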
diff --git a/wic/swupdate-partition.inc b/wic/swupdate-partition.inc
index 15fbe80..7bec9d7 100644
--- a/wic/swupdate-partition.inc
+++ b/wic/swupdate-partition.inc
@@ -1,4 +1,2 @@
part --source rootfs --uuid "fedcba98-7654-3210-cafe-5e0710000001" --size 1000M --extra-space 128M --overhead-factor 1 --label systema --align 1024 --fstype=ext4
part --source rootfs --uuid "fedcba98-7654-3210-cafe-5e0710000002" --size 1000M --extra-space 128M --overhead-factor 1 --label systemb --align 1024 --fstype=ext4
-
-bootloader --ptable gpt --append="console=tty0 console=ttyS0,115200 rootwait earlyprintk"
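Review bot: dropping the `bootloader` line from the include means any `.wks` that includes `swupdate-partition.inc` but is not touched by this patch loses its bootloader definition silently. The diffstat lists only three image files, so it is worth confirming (and recording in the commit message) that those are the only includers.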
Thanks, applied.

Jan

--
Siemens AG, T RDA IOT
Corporate Competence Center Embedded Linux