Alois Wohlschlager
081714cab9
Pass the built-in cmdline to the kernel
Do not pass our own cmdline on to the kernel. It may have been set by a
malicious boot loader specification entry, and could instruct the
kernel to load an arbitrary unprotected initrd (or perform some other
fun stuff). Instead, always pass the command line built into the UKI,
which is properly authenticated.
2023-01-31 18:32:13 +01:00
Alois Wohlschlager
3885f114a8
Do not sign the kernel
Malicious boot loader specification entries could be used to make a
signed kernel load arbitrary unprotected initrds. Since we do not want
this, do not sign the kernel. This way, the only things allowed to boot
are our UKI stubs, which do verify the initrd.
2023-01-31 18:25:27 +01:00
Alois Wohlschlager
7387c6708d
Load the kernel image ourselves
When loading something with UEFI LoadImage, signature validation is
performed. However, we verify the kernel by its hash already, and don't
want to sign it. Hence, we have to load it on our own.
2023-01-31 18:25:14 +01:00
Janne Heß
96d52b215c
Make the os-release parser more precise
Closes #77
2023-01-30 11:46:48 +01:00
nikstur
ce3b2c27b5
tool: write systemd-boot loader.conf
To minimize the number of arguments passed to `lzbt`, the loader config
is assembled outside `lzbt` and passed as a single argument.
Instead of reimplementing `consoleMode` under the `lanzaboote`
namespace, `config.loader.systemd-boot.consoleMode` is reused as is.
2023-01-29 16:19:14 +01:00
nikstur
5f28ae75ea
tool: atomically write to ESP
To minimize the potential for irrecoverable errors, only atomic writes
to the ESP are performed. This is implemented by first copying the file
to the destination with a `.tmp` suffix and then renaming it to the
final destination. This is atomic because the rename operation is atomic
on POSIX platforms.
Specifically, this means that even if the system crashes during the
operation, the final destination path will most likely be intact if it
exists at all. There are some nuances to this however. It **cannot** be
actually guaranteed that the operation was performed on the filesystem
level. However, this is the best we can do for now.
For reference:
- POSIX rename(2): https://pubs.opengroup.org/onlinepubs/9699919799/
- Rust fs::rename corresponds to rename(2) on Unix: https://doc.rust-lang.org/std/fs/fn.rename.html
- Rust fs::rename is implemented using libc's rename: https://github.com/rust-lang/rust/blob/master/library/std/src/sys/unix/fs.rs#L1397
- Renaming in libc is atomic: https://www.gnu.org/software/libc/manual/html_node/Renaming-Files.html
2023-01-29 15:31:38 +01:00
nikstur
0ca25a9bf0
Merge pull request #78 from nix-community/robust-systemd-version-parsing
tool: make systemd version parsing robust
2023-01-26 21:46:03 +01:00
nikstur
247afb33a2
tool: make systemd version parsing robust
To make handling systemd versions more robust, they are parsed into a
u32 tuple instead of an f32. Additionally, some unit tests for correct
parsing and comparing of versions are added.
2023-01-26 21:30:44 +01:00
nikstur
1970b95b68
tool: remove bootspec.json
This fixture is not necessary anymore as we have enough integration
tests.
2023-01-26 01:16:09 +01:00
nikstur
cc169689f3
tool: smarter systemd-boot install
The process of installing systemd-boot is "smarter" because it now
considers a few conditions instead of doing nothing if there is a file
at the destination path. systemd-boot is now forcibly installed (i.e.
overwriting any file at the destination) if (1) there is no file at the
destination, OR (2) a newer version of systemd-boot is available, OR (3)
the signature of the file at the destination could not be verified.
2023-01-25 22:21:14 +01:00
nikstur
db75203e31
tool: split esp paths
To access paths on the ESP before or after installing generations, split
EspPaths into general EspPaths that only depend on the path to the ESP
and EspGenerationPaths which additionally depend on generation specific
information (e.g. version number and initrd filename).
2023-01-25 00:24:40 +01:00
nikstur
6e452b50df
tool: add SecureTempDirExt
Add an extension to TempDir that allows creating secure tempfiles. This
way, everything related to creating secure tempfiles is bundled in a
single place and can easily be reused.
2023-01-21 16:26:17 +01:00
Julian Stecklina
dd499f6642
treewide: fix typos
2023-01-21 10:27:34 +01:00
nikstur
5bb33f3389
treewide: simplify subproject names
Lanzatool is renamed to 'tool' and lanzaboote is renamed to 'stub'.
The name of the lanzatool binary is now 'lzbt' standing for
LanZaBooteTool.
2023-01-17 21:31:14 +01:00
nikstur
2fce3c0802
treewide: simplify subproject directory names
This commit only moves the directories instead of changing any names
inside files.
2023-01-17 21:31:14 +01:00
nikstur
3db39f403b
treewide: blake3 -> sha256
Using the sha2 crate instead of blake3 decreases the binary size of the
stub by around 50%.
2023-01-14 02:31:54 +01:00
nikstur
7f235ce004
lanzatool: spell specialised consistently
2023-01-06 23:20:31 +01:00
nikstur
4f44cb70a2
lanzatool: generate custom os-release
2023-01-06 21:27:51 +01:00
nikstur
b6eb6c1e52
lanzatool: keep unrelated files when running gc
2023-01-04 22:29:09 +01:00
nikstur
c4e5ec7008
lanzatool: add more assertions to gc integration test
2023-01-04 01:23:13 +01:00
nikstur
7afbc43195
Merge pull request #43 from nix-community/some-more-lanzatool-refactoring
lanzatool: some more refactoring
2023-01-02 00:41:13 +01:00
nikstur
1e632c0d1d
lanzatool: add context to sbsing output failure
2023-01-02 00:34:01 +01:00
nikstur
b592d92744
lanzatool: don't open file to read metadata
2023-01-02 00:34:01 +01:00
nikstur
1c0438a003
lanzatool: simplify uefi path code
2023-01-02 00:33:59 +01:00
nikstur
d3a96b1c3c
lanzatool: integration test infrastructure + gc tests
2023-01-02 00:05:32 +01:00
nikstur
676786f811
lanzatool: add rand dev dependency
2023-01-02 00:05:21 +01:00
nikstur
3c7c8340eb
lanzatool: add assert_cmd dev dependency
2023-01-02 00:05:21 +01:00
nikstur
9daf9ae0a8
lanzatool: implement configuration limit
2023-01-02 00:05:17 +01:00
nikstur
4a8cfa7f7f
lanzatool: add walkdir dependency
2022-12-31 02:10:36 +01:00
nikstur
0a58b290e2
lanzatool: clean up parse_version and add simple test
2022-12-30 23:43:19 +01:00
nikstur
463d9496bf
lanzatool: write sbsign output to stdout
2022-12-30 23:43:19 +01:00
nikstur
d4c5af23fe
lanzatool: improve error msg for file_size
2022-12-30 23:43:19 +01:00
nikstur
a341baa09a
lanzatool: simplify nixos_path and add unit test
2022-12-30 23:43:18 +01:00
nikstur
781651b9e0
lanzatool: improve esp_relative_path_string error msg
2022-12-30 21:11:07 +01:00
Julian Stecklina
f6ae373500
lanzatool: apply rustfmt to install.rs
2022-12-28 23:59:23 +01:00
Julian Stecklina
f07618b64c
lanzatool: remove unused utils module
2022-12-28 23:59:23 +01:00
Julian Stecklina
b762de9fec
lanzatool: remove Path -> String conversions in signature module
2022-12-28 23:59:23 +01:00
Julian Stecklina
74afcb1eea
lanzatool: remove Path -> String conversion from pe module
... by using OsString, which can handle broken UTF-8 in file
names.
2022-12-28 23:59:23 +01:00
Raito Bezarius
0ad20b0d5a
lanzatool: ignore malformed generations
2022-12-26 02:47:28 +01:00
nikstur
65f3c67357
lanzatool: appease clippy by removing borrow
2022-12-25 18:05:07 +01:00
nikstur
6e66c5f0ed
Cargo.toml: update bootspec to upstream
2022-12-25 18:05:07 +01:00
Raito Bezarius
e3f6029643
nixos/lanzaboote: use upstream bootspec for extension generation
2022-12-25 18:05:07 +01:00
Raito Bezarius
92e7e4f49a
lanzatool(bootspec): introduce DetSys's bootspec library
2022-12-18 00:29:49 +01:00
nikstur
614131d648
lanzatool: remove placeholder code for auto enrolling uefi keys
2022-12-10 18:11:23 +01:00
nikstur
49a8ae8aec
lanzatool: skip existing files in esp
2022-12-03 19:05:12 +01:00
Julian Stecklina
85b111aa17
initrd-stub: drop unused stub
This is not useful anymore, because we don't need to wrap the initrd
anymore.
2022-11-30 09:25:17 +01:00
Julian Stecklina
401c3b8c1c
lanzatool, lanzaboote: don't wrap initrd as PE
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
2022-11-30 09:23:42 +01:00
Julian Stecklina
1739ffde26
lanzaboote: verify hash of kernel and initrd
2022-11-30 09:22:14 +01:00
Julian Stecklina
7a15bba50b
lanzaboote: load kernel and initrd into memory only once
2022-11-30 09:22:14 +01:00
Julian Stecklina
d754a87d5c
lanzaboote: cleanup kernel/initrd opening
2022-11-30 09:22:14 +01:00
Julian Stecklina
3f78939d0a
lanzatool: embed kernel and initrd hashes
2022-11-30 09:22:14 +01:00
Julian Stecklina
ba119d398f
lanzatool: add function documentation
2022-11-30 09:22:14 +01:00
Julian Stecklina
7926ab9e5e
lanzaboote: fix clippy issues
2022-11-28 13:38:01 +01:00
nikstur
0a638970e7
lanzatool: enable specialisation
2022-11-27 12:01:53 +01:00
nikstur
98cf9e0978
lanzatool: improve --help output
2022-11-27 00:12:00 +01:00
nikstur
fffa7d6bfa
lanzatool: appease clippy
2022-11-26 23:19:08 +01:00
nikstur
0a96623461
lanzatool: bootspec from generation
The bootspec is now read from each generation so that more than one
entry can be generated when calling install.
2022-11-26 22:27:44 +01:00
nikstur
967f78d374
lanzatool: hide sbsign output on happy path
2022-11-26 15:34:48 +01:00
nikstur
c441f5157e
lanzatool: sign and copy in one step
2022-11-26 15:32:43 +01:00
nikstur
240c80368f
lanzatool: make it more typedriven
2022-11-26 14:55:15 +01:00
Ryan Lahfa
95f596f4dc
lanzatool: add support for generations and correct naming of kernels a… (#12)
* lanzatool: add support for generations and correct naming of kernels and initrds
* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests
* lanzatool: ryan is a B class engineer
Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
Julian Stecklina
1f0f349559
lanzaboote: add error handling strings
2022-11-26 02:47:21 +01:00
Julian Stecklina
95a03d69bb
lanzaboote: reorganize to avoid explicit drops
2022-11-26 02:31:01 +01:00
Raito Bezarius
9f65f75289
feature: support initrd secrets
2022-11-26 02:01:41 +01:00
Raito Bezarius
a3150dca11
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 01:24:33 +01:00
Raito Bezarius
f6930955a3
lanzatool: sync for every sign operation
2022-11-25 23:58:06 +01:00
nikstur
a3ec2cfc15
lanzatool: add error messages
2022-11-25 23:50:11 +01:00
Julian Stecklina
c87b2a09dc
nix: fix lanzatool integration/merge mixup
2022-11-25 23:46:19 +01:00
Julian Stecklina
3779e81b20
lanzaboote: handle errors in print_logo
2022-11-25 18:14:58 +01:00
Julian Stecklina
6bc66052c2
lanzaboote: add EmbeddedConfiguration docs
2022-11-25 18:14:58 +01:00
Julian Stecklina
a9edb1488e
lanzaboote: fix logo
Someone forgot the E in the name.
2022-11-25 18:14:58 +01:00
nikstur
53c4e03619
merge this shit
2022-11-25 18:10:21 +01:00
Ryan Lahfa
eda254b6cd
nixpkgs: integrate the whole thing (#7)
* nixos: add a lanzaboote module
* nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
* nixos: actually enable sb
* nixos: disable it and adapt it
* lanzatool: fix init
* nixos: secureboot reached
* nixos: enrollment is optional
Co-authored-by: nikstur@outlook.com
2022-11-25 17:59:15 +01:00
nikstur
3a093d85ab
lanzatool: set permissions for all files in esp to 755
2022-11-25 17:47:24 +01:00
nikstur
7685ba088b
lanzatool: reuse code for signer
2022-11-25 15:46:33 +01:00
nikstur
c0391ce8d7
lanzatool: improve tempfiles and error handling in pe
2022-11-25 15:16:05 +01:00
nikstur
ad3a8ec3e5
lanzatool: make --pki-bundle optional
2022-11-25 13:08:37 +01:00
nikstur
cd2ef6181d
lanzatool: improve signer code
2022-11-25 13:07:04 +01:00
Raito Bezarius
49519cb289
nixos: secureboot reached
2022-11-25 03:04:44 +01:00
nikstur
efbb28dc99
lanzatool: fix init
2022-11-24 17:14:55 +01:00
Raito Bezarius
ccdd02bf1c
nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
2022-11-24 17:07:05 +01:00
nikstur
858c0befb3
lanzaboot: include init in cmdline
2022-11-24 16:51:43 +01:00
nikstur
aa86ae9e30
lanzatool: add cmdline args for keys
2022-11-24 14:12:00 +01:00
nikstur
587e388364
lanzatool: improve error handling
2022-11-24 13:33:01 +01:00
Julian Stecklina
417122e840
Merge remote-tracking branch 'origin/lanzatool-bootspec-funz'
2022-11-24 12:28:03 +01:00
nikstur
d40b9f281c
lanzatool: remove v1 key
2022-11-24 12:26:32 +01:00
Julian Stecklina
df716e17d6
Add documentation to initrd loader
2022-11-24 12:18:23 +01:00
Julian Stecklina
30b61baf38
Add documentation to initrd loader
2022-11-24 12:11:17 +01:00
nikstur
3e7f5fa625
lanzatool: implement copying sdboot to esp
2022-11-24 11:10:19 +01:00
nikstur
73b1f7e2b5
lanzatool: readd efi relative file paths
2022-11-23 20:54:13 +01:00
nikstur
46f1e84a9d
lanzatool: init wrapping initrd
2022-11-23 20:48:49 +01:00
nikstur
a65998945d
lanzatool: implement relative esp paths
2022-11-23 18:15:32 +01:00
Julian Stecklina
dcca50d14f
Refactor embedded config extraction
2022-11-23 17:57:43 +01:00
Julian Stecklina
fa331d8b98
Fix section extraction
2022-11-23 17:57:23 +01:00
nikstur
24803a04a2
lanzatool: copy image to esp output dir
2022-11-23 17:26:56 +01:00
nikstur
5dbb8e7452
lanzatool: detrashify
2022-11-23 17:16:08 +01:00
Julian Stecklina
de451fa5af
Merge remote-tracking branch 'origin/lanzatool-install'
2022-11-23 15:49:38 +01:00
nikstur
c4734d11fc
lanzatool.crypto: remove
2022-11-23 15:49:02 +01:00
Julian Stecklina
4dab5f7b8f
Extract Linux kernel and initrd filenames from PE binary
2022-11-23 15:46:25 +01:00
Julian Stecklina
788a112050
Merge pull request #6 from blitz/lanzatool-install
lanzatool.install: init
2022-11-23 15:46:12 +01:00
nikstur
27044f6bdf
lanzatool.crypto: remove
2022-11-23 15:44:19 +01:00
nikstur
4356d342a2
lanzatool.install: init
2022-11-23 15:26:26 +01:00
Julian Stecklina
1ca83c25d5
Remove some unwraps
2022-11-23 14:11:54 +01:00
Julian Stecklina
8559bf664e
Add a disclaimer about the current security status
2022-11-23 14:11:24 +01:00
Julian Stecklina
fe3d4015ba
Perform load_image on initrd to hopefully verify signatures
2022-11-23 14:03:53 +01:00
Julian Stecklina
568fe1d499
Unwrap initrd from PE image for Linux
2022-11-23 13:51:07 +01:00
Julian Stecklina
9567fa7f0e
Build tiny empty PE image as initrd carrier
2022-11-23 13:00:55 +01:00
Julian Stecklina
e6953037e7
Fix clippy warnings
2022-11-23 12:13:45 +01:00
Julian Stecklina
5a6c05cf11
Pass on command line from UKI to Linux kernel
2022-11-23 12:11:20 +01:00
Julian Stecklina
8f2f11aa1b
Move loaded_image implementation to helpers module
2022-11-23 11:29:40 +01:00
Julian Stecklina
8f58633d84
Remove unsafe LoadedImage protocol invocation
2022-11-23 11:20:51 +01:00
Julian Stecklina
5e7bdfd5b5
Pass initrd to Linux
2022-11-23 00:53:00 +01:00
Julian Stecklina
ee861e2fc0
Install initrd loading protocol
2022-11-23 00:53:00 +01:00
Julian Stecklina
23d8929546
Create uefi helpers module
2022-11-22 16:24:09 +01:00
Julian Stecklina
76e7635de8
Move PE parsing into its own module
2022-11-22 16:18:12 +01:00
Julian Stecklina
9aab0d27da
Make it smaller
2022-11-22 15:53:24 +01:00
Julian Stecklina
4e8fbd42cd
Regenerate lock file
2022-11-22 11:50:13 +01:00
Julian Stecklina
d90fac9eef
Open current image
2022-11-22 11:50:05 +01:00
Raito Bezarius
c7ca236941
lanzaboote: remove unused imports
2022-11-22 10:34:14 +01:00
Raito Bezarius
50b39a3b8f
lanzaboote: safe-ize root directory finding using exts feature
2022-11-22 02:24:38 +01:00
Julian Stecklina
f40199b7aa
Move Rust tools into a common directory
2022-11-22 01:53:40 +01:00
Julian Stecklina
381f73e0a6
Boot a Linux kernel
2022-11-22 01:39:05 +01:00
Julian Stecklina
3990557849
Factor out file reading
2022-11-22 01:13:41 +01:00
Julian Stecklina
172b341a4c
Simplify code that finds the root directory
2022-11-22 01:00:36 +01:00
Julian Stecklina
6e13511b4d
Add code that reads a file from the ESP
2022-11-21 17:52:06 +01:00
Julian Stecklina
4970dafdbf
Add logo
2022-11-21 16:22:44 +01:00
Julian Stecklina
0c013e77a7
Add crypto library
2022-11-21 16:03:58 +01:00
Julian Stecklina
b10ee4d0d6
Make systemd boot the EFI binary
2022-11-21 15:36:39 +01:00
Julian Stecklina
cd39fd3a6b
Initial import of Rust files
2022-11-21 12:31:23 +01:00