min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos: secureboot reached

This commit is contained in:
Raito Bezarius 2022-11-25 03:04:44 +01:00
parent efbb28dc99
commit 49519cb289
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
flake.nix
View File

@ -154,6 +154,8 @@
}) })
pkgs.sbsigntool pkgs.sbsigntool
pkgs.efitools pkgs.efitools
pkgs.python39Packages.ovmfvartool
pkgs.qemu
]; ];
inputsFrom = [ inputsFrom = [
@ -176,7 +178,7 @@
virtualisation = { virtualisation = {
useBootLoader = true; useBootLoader = true;
useEFIBoot = true; useEFIBoot = true;
useSecureBoot = false; useSecureBoot = true;
}; };
boot.loader.efi = { boot.loader.efi = {
@ -192,7 +194,7 @@
}; };
testScript = '' testScript = ''
machine.start() machine.start()
machine.shutdown() print(machine.succeed("bootctl status"))
''; '';
}; };
}; };

6
rust/lanzatool/src/signer.rs
View File

@ -13,8 +13,8 @@ impl<'a> Signer<'a> {
pub fn new(signer: &Path, public_key: &'a Path, private_key: &'a Path) -> Self { pub fn new(signer: &Path, public_key: &'a Path, private_key: &'a Path) -> Self {
Self { Self {
sbsigntool: signer.to_path_buf(), sbsigntool: signer.to_path_buf(),
public_key: public_key, public_key,
private_key: private_key private_key
} }
} }
@ -24,6 +24,8 @@ impl<'a> Signer<'a> {
String::from(self.private_key.to_str().unwrap()), String::from(self.private_key.to_str().unwrap()),
String::from("--cert"), String::from("--cert"),
String::from(self.public_key.to_str().unwrap()), String::from(self.public_key.to_str().unwrap()),
String::from(filepath.to_str().unwrap()),
String::from("--output"),
String::from(filepath.to_str().unwrap()) String::from(filepath.to_str().unwrap())
]; ];