081714cab9
Pass the built-in cmdline to the kernel
...
Do not pass our own cmdline on to the kernel. It may have been set by a
malicious boot loader specification entry, and could instruct the
kernel to load an arbitrary unprotected initrd (or perform some other
fun stuff). Instead, always pass the command line built into the UKI,
which is properly authenticated.
2023-01-31 18:32:13 +01:00
3885f114a8
Do not sign the kernel
...
Malicious boot loader specification entries could be used to make a
signed kernel load arbitrary unprotected initrds. Since we do not want
this, do not sign the kernel. This way, the only things allowed to boot
are our UKI stubs, which do verify the initrd.
2023-01-31 18:25:27 +01:00
7387c6708d
Load the kernel image ourselves
...
When loading something with UEFI LoadImage, signature validation is
performed. However, we verify the kernel by its hash already, and don't
want to sign it. Hence, we have to load it on our own.
2023-01-31 18:25:14 +01:00
96d52b215c
Make the os-release parser more precise
...
Closes #77
2023-01-30 11:46:48 +01:00
ce3b2c27b5
tool: write systemd-boot loader.conf
...
To minimize the number of arguments passed to `lzbt`, the loader config
is assembled outside `lzbt` and passed as a single argument.
Instead of reimplementing `consoleMode` under the `lanzaboote`
namespace, `config.loader.systemd-boot.consoleMode` is reused as is.
2023-01-29 16:19:14 +01:00
5f28ae75ea
tool: atomically write to ESP
...
To minimize the potential for irrecoverable errors, only atomic writes
to the ESP are performed. This is implemented by first copying the file
to the destination with a `.tmp` suffix and then renaming it to the
final desintation. This is atomic because the rename operation is atomic
on POSIX platforms.
Specifically, this means that even if the system crashes during the
operation, the final desintation path will most likely be intact if it
exists at all. There are some nuances to this however. It **cannot** be
actually guaranteed that the operation was performed on the filesystem
level. However, this is the best we can do for now.
For reference:
- POSIX rename(2): https://pubs.opengroup.org/onlinepubs/9699919799/
- Rust fs::rename corresponds to rename(2) on Unix: https://doc.rust-lang.org/std/fs/fn.rename.html
- Rust fs::rename is implemented using libc's rename: https://github.com/rust-lang/rust/blob/master/library/std/src/sys/unix/fs.rs#L1397
- Renaming in libc is atomic: https://www.gnu.org/software/libc/manual/html_node/Renaming-Files.html
2023-01-29 15:31:38 +01:00
0ca25a9bf0
Merge pull request #78 from nix-community/robust-systemd-version-parsing
...
tool: make systemd version parsing robust
2023-01-26 21:46:03 +01:00
247afb33a2
tool: make systemd version parsing robust
...
To make handling systemd versions more robust, they are parsed into a
u32 tuple instead of an f32. Additionally, some unit tests for correct
parsing and comparing of versions are added.
2023-01-26 21:30:44 +01:00
1970b95b68
tool: remove bootspec.json
...
This fixture is not necessary anymore as we have enough integration
tests.
2023-01-26 01:16:09 +01:00
cc169689f3
tool: smarter systemd-boot install
...
The process of installing systemd-boot is "smarter" because it now
considers a a few conditions instead of doing nothing if there is a file
at the deistination path. systemd-boot is now forcibly installed (i.e.
overwriting any file at the destination) if (1) there is no file at the
destination, OR (2) a newer version of systemd-boot is available, OR (3)
the signature of the file at the destination could not be verified.
2023-01-25 22:21:14 +01:00
db75203e31
tool: split esp paths
...
To access paths on the ESP before or after installing generations, split
EspPaths into general EspPaths that only depend on the path to the ESP
and EspGenerationPaths which additionally depend on generation specific
information (e.g. version number and initrd filename).
2023-01-25 00:24:40 +01:00
6e452b50df
tool: add SecureTempDirExt
...
Add an extension to TempDir that allows to create secure tempfiles. This
way, everything related to creating secure tempfiles is bundled in a
single place and can easily be reused.
2023-01-21 16:26:17 +01:00
dd499f6642
treewide: fix typos
2023-01-21 10:27:34 +01:00
5bb33f3389
treewide: simplify subproject names
...
Lanzatool is renamed to 'tool' and lanzaboote is renamed to 'stub'.
The name of the lanzatool binary is now 'lzbt' standing for
LanZaBooteTool.
2023-01-17 21:31:14 +01:00
2fce3c0802
treewde: simplify subproject directory names
...
This commit only moves the directories instead of chaning any names
inside files.
2023-01-17 21:31:14 +01:00
3db39f403b
treewide: blake3 -> sha256
...
Using the sha2 crate instead of blake3 decreases the binary size of the
stub by around 50%.
2023-01-14 02:31:54 +01:00
7f235ce004
lanzatool: spell specialised consistently
2023-01-06 23:20:31 +01:00
4f44cb70a2
lanzatool: generate custom os-release
2023-01-06 21:27:51 +01:00
b6eb6c1e52
lanzatool: keep unrelated files when running gc
2023-01-04 22:29:09 +01:00
c4e5ec7008
lanzatool: add more assertions to gc integration test
2023-01-04 01:23:13 +01:00
7afbc43195
Merge pull request #43 from nix-community/some-more-lanzatool-refactoring
...
lanzatool: some more refactoring
2023-01-02 00:41:13 +01:00
1e632c0d1d
lanzatool: add context to sbsing output failure
2023-01-02 00:34:01 +01:00
b592d92744
lanzatool: don't open file to read metadata
2023-01-02 00:34:01 +01:00
1c0438a003
lanzatool: simplify uefi path code
2023-01-02 00:33:59 +01:00
d3a96b1c3c
lanzatool: intgeration test infrastrucutre + gc tests
2023-01-02 00:05:32 +01:00
676786f811
lanzatool: add rand dev dependency
2023-01-02 00:05:21 +01:00
3c7c8340eb
lanzatool: add assert_cmd dev dependency
2023-01-02 00:05:21 +01:00
9daf9ae0a8
lanzatool: implement configuration limit
2023-01-02 00:05:17 +01:00
4a8cfa7f7f
lanzatool: add walkdir dependency
2022-12-31 02:10:36 +01:00
0a58b290e2
lanzatool: clean up parse_version and add simple test
2022-12-30 23:43:19 +01:00
463d9496bf
lanzatool: write sbsign output to stdout
2022-12-30 23:43:19 +01:00
d4c5af23fe
lanzatool: improve error msg for file_size
2022-12-30 23:43:19 +01:00
a341baa09a
lanzatool: simplify nixos_path and add unit test
2022-12-30 23:43:18 +01:00
781651b9e0
lanzatool: improve esp_relative_path_string error msg
2022-12-30 21:11:07 +01:00
f6ae373500
lanzatool: apply rustfmt to install.rs
2022-12-28 23:59:23 +01:00
f07618b64c
lanzatool: remove unused utils module
2022-12-28 23:59:23 +01:00
b762de9fec
lanzatool: remove Path -> String conversions in signature module
2022-12-28 23:59:23 +01:00
74afcb1eea
lanzatool: remove Path -> String conversion from pe module
...
... by using OsString, which can handle broken UTF-8 in file
names.
2022-12-28 23:59:23 +01:00
0ad20b0d5a
lanzatool: ignore malformed generations
2022-12-26 02:47:28 +01:00
65f3c67357
lanzatool: appease clippy by removing borrow
2022-12-25 18:05:07 +01:00
6e66c5f0ed
Cargo.toml: update bootspec to upstream
2022-12-25 18:05:07 +01:00
e3f6029643
nixos/lanzaboote: use upstream bootspec for extension generation
2022-12-25 18:05:07 +01:00
92e7e4f49a
lanzatool(bootspec): introduce DetSys's bootspec library
2022-12-18 00:29:49 +01:00
614131d648
lanzatool: remove placeholder code for auto enrolling uefi keys
2022-12-10 18:11:23 +01:00
49a8ae8aec
lanzatool: skip existing files in esp
2022-12-03 19:05:12 +01:00
85b111aa17
initrd-stub: drop unused stub
...
This is not useful anymore, because we don't need to wrap the initrd
anymore.
2022-11-30 09:25:17 +01:00
401c3b8c1c
lanzatool, lanzaboote: don't wrap initrd as PE
...
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
2022-11-30 09:23:42 +01:00
1739ffde26
lanzaboote: verify hash of kernel and initrd
2022-11-30 09:22:14 +01:00
7a15bba50b
lanzaboote: load kernel and initrd into memory only once
2022-11-30 09:22:14 +01:00
d754a87d5c
lanzaboote: cleanup kernel/initrd opening
2022-11-30 09:22:14 +01:00
3f78939d0a
lanzatool: embed kernel and initrd hashes
2022-11-30 09:22:14 +01:00
ba119d398f
lanzatool: add function documentation
2022-11-30 09:22:14 +01:00
7926ab9e5e
lanzaboote: fix clippy issues
2022-11-28 13:38:01 +01:00
0a638970e7
lanzatool: enable specialisation
2022-11-27 12:01:53 +01:00
98cf9e0978
lanzatool: improve --help output
2022-11-27 00:12:00 +01:00
fffa7d6bfa
lanzatool: appease clippy
2022-11-26 23:19:08 +01:00
0a96623461
lanzatool: bootspec from generation
...
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
967f78d374
lanzatool: hide sbsign output on happy path
2022-11-26 15:34:48 +01:00
c441f5157e
lanzatool: sign and copy in one step)
2022-11-26 15:32:43 +01:00
240c80368f
lanzatool: make it more typedriven
2022-11-26 14:55:15 +01:00
95f596f4dc
lanzatool: add support for generations and correct naming of kernels a… ( #12 )
...
* lanzatool: add support for generations and correct naming of kerels and initrds
* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests
* lanzatool: ryan is a B class engineer
Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
1f0f349559
lanzaboote: add error handling strings
2022-11-26 02:47:21 +01:00
95a03d69bb
lanzaboote: reorganize to avoid explicit drops
2022-11-26 02:31:01 +01:00
9f65f75289
feature: support initrd secrets
2022-11-26 02:01:41 +01:00
a3150dca11
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 01:24:33 +01:00
f6930955a3
lanzatool: sync for every sign operation
2022-11-25 23:58:06 +01:00
a3ec2cfc15
lanzatool: add error messages
2022-11-25 23:50:11 +01:00
c87b2a09dc
nix: fix lanzatool integration/merge mixup
2022-11-25 23:46:19 +01:00
3779e81b20
lanzaboote: handle errors in print_logo
2022-11-25 18:14:58 +01:00
6bc66052c2
lanzaboote: add EmbeddedConfiguration docs
2022-11-25 18:14:58 +01:00
a9edb1488e
lanzaboote: fix logo
...
Someone forget the E in the name.
2022-11-25 18:14:58 +01:00
53c4e03619
merge this shit
2022-11-25 18:10:21 +01:00
eda254b6cd
nixpkgs: integrate the whole thing ( #7 )
...
* nixos: add a lanzaboote module
* nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
* nixos: actually enable sb
* nixos: disable it and adapt it
* lanzatool: fix init
* nixos: secureboot reached
* nixos: enrollment is optional
Co-authored-by: nikstur@outlook.com
2022-11-25 17:59:15 +01:00
3a093d85ab
lanzatool: set permissons for all files in esp to 755
2022-11-25 17:47:24 +01:00
7685ba088b
lanzatool: reuse code for signer
2022-11-25 15:46:33 +01:00
c0391ce8d7
lanzatool: improve tempfiles and error handling in pe
2022-11-25 15:16:05 +01:00
ad3a8ec3e5
lanzatool: make --pki-bundle optional
2022-11-25 13:08:37 +01:00
cd2ef6181d
lanzatool: improve signer code
2022-11-25 13:07:04 +01:00
49519cb289
nixos: secureboot reached
2022-11-25 03:04:44 +01:00
efbb28dc99
lanzatool: fix init
2022-11-24 17:14:55 +01:00
ccdd02bf1c
nixos: add a lanzaboote module
...
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
2022-11-24 17:07:05 +01:00
858c0befb3
lanzaboot: include init in cmdline
2022-11-24 16:51:43 +01:00
aa86ae9e30
lanzatool: add cmdline args for keys
2022-11-24 14:12:00 +01:00
587e388364
lanzatool: improve error handling
2022-11-24 13:33:01 +01:00
417122e840
Merge remote-tracking branch 'origin/lanzatool-bootspec-funz'
2022-11-24 12:28:03 +01:00
d40b9f281c
lanzatool: remove v1 key
2022-11-24 12:26:32 +01:00
df716e17d6
Add documentation to initrd loader
2022-11-24 12:18:23 +01:00
30b61baf38
Add documentation to initrd loader
2022-11-24 12:11:17 +01:00
3e7f5fa625
lanzatool: implement copying sdboot to esp
2022-11-24 11:10:19 +01:00
73b1f7e2b5
lanzatool: readd efi relative file paths
2022-11-23 20:54:13 +01:00
46f1e84a9d
lanzatool: init wrapping initrd
2022-11-23 20:48:49 +01:00
a65998945d
lanzatool: implement relative esp paths
2022-11-23 18:15:32 +01:00
dcca50d14f
Refactor embedded config extraction
2022-11-23 17:57:43 +01:00
fa331d8b98
Fix section extraction
2022-11-23 17:57:23 +01:00
24803a04a2
lanzatool: copy image to esp output dir
2022-11-23 17:26:56 +01:00
5dbb8e7452
lanzatool: detrashify
2022-11-23 17:16:08 +01:00
de451fa5af
Merge remote-tracking branch 'origin/lanzatool-install'
2022-11-23 15:49:38 +01:00
c4734d11fc
lanzatool.crypto: remove
2022-11-23 15:49:02 +01:00
4dab5f7b8f
Extract Linux kernel and initrd filenames from PE binary
2022-11-23 15:46:25 +01:00
788a112050
Merge pull request #6 from blitz/lanzatool-install
...
lanzatool.install: init
2022-11-23 15:46:12 +01:00
27044f6bdf
lanzatool.crypto: remove
2022-11-23 15:44:19 +01:00
4356d342a2
lanzatool.install: init
2022-11-23 15:26:26 +01:00
1ca83c25d5
Remove some unwraps
2022-11-23 14:11:54 +01:00
8559bf664e
Add a disclaimer about the current security status
2022-11-23 14:11:24 +01:00
fe3d4015ba
Perform load_image on initrd to hopefully verify signatures
2022-11-23 14:03:53 +01:00
568fe1d499
Unwrap initrd from PE image for Linux
2022-11-23 13:51:07 +01:00
9567fa7f0e
Build tiny empty PE image as initrd carrier
2022-11-23 13:00:55 +01:00
e6953037e7
Fix clippy warnings
2022-11-23 12:13:45 +01:00
5a6c05cf11
Pass on command line from UKI to Linux kernel
2022-11-23 12:11:20 +01:00
8f2f11aa1b
Move loaded_image implementation to helpers module
2022-11-23 11:29:40 +01:00
8f58633d84
Remove unsafe LoadedImage protocol invocation
2022-11-23 11:20:51 +01:00
5e7bdfd5b5
Pass initrd to Linux
2022-11-23 00:53:00 +01:00
ee861e2fc0
Install initrd loading protocol
2022-11-23 00:53:00 +01:00
23d8929546
Create uefi helpers module
2022-11-22 16:24:09 +01:00
76e7635de8
Move PE parsing into its own module
2022-11-22 16:18:12 +01:00
9aab0d27da
Make it smaller
2022-11-22 15:53:24 +01:00
4e8fbd42cd
Regenerate lock file
2022-11-22 11:50:13 +01:00
d90fac9eef
Open current image
2022-11-22 11:50:05 +01:00
c7ca236941
lanzaboote: remove unused imports
2022-11-22 10:34:14 +01:00
50b39a3b8f
lanzaboote: safe-ize root directory finding using exts feature
2022-11-22 02:24:38 +01:00
f40199b7aa
Move Rust tools into a common directory
2022-11-22 01:53:40 +01:00
381f73e0a6
Boot a Linux kernel
2022-11-22 01:39:05 +01:00
3990557849
Factor out file reading
2022-11-22 01:13:41 +01:00
172b341a4c
Simplify code that finds the root directory
2022-11-22 01:00:36 +01:00
6e13511b4d
Add code that reads a file from the ESP
2022-11-21 17:52:06 +01:00
4970dafdbf
Add logo
2022-11-21 16:22:44 +01:00
0c013e77a7
Add crypto library
2022-11-21 16:03:58 +01:00
b10ee4d0d6
Make systemd boot the EFI binary
2022-11-21 15:36:39 +01:00
cd39fd3a6b
Initial import of Rust files
2022-11-21 12:31:23 +01:00
Alois Wohlschlager