Comment 16 for bug 1878422

initrd cannot trust anything that cannot be verified.

snap assertions however are signed and verified... and contain lots of "timestamp: " and "since: " fields.

In the initrd, snap-bootstrap initramfs-mounts should have a mode to set system time, as it is loading and verifying the assertions.

Such that the latest verified time seen, is good enough epoch time for the initrd.

something along the lines of

if ! /usr/lib/snapd/snap-bootstrap initramfs-mounts; then
 . /proc/cmdline
 date -u -D%Y-%m-%dT%H:%M:%S "$(sed -n 's/timestamp: //p;s/since: //p' /run/mnt/ubuntu-seed/systems/"$snapd_recovery_system"/assertions/* | sort | tail -n1)"
 /usr/lib/snapd/snap-bootstrap initramfs-mounts
fi