Commit Graph

647 Commits

Author SHA1 Message Date
nikstur 614131d648 lanzatool: remove placeholder code for auto enrolling uefi keys 2022-12-10 18:11:23 +01:00
Julian Stecklina 06da27529f
Merge pull request #21 from nix-community/boot-file-integrity
Verify Kernel/Initrd Integrity using Blake3
2022-12-09 23:54:14 +00:00
Jörg Thalheim c9f9f1c52a nixos/lanzaboote: pkiBundle is not actual optional
the installHook needs it.
2022-12-08 21:26:17 +01:00
Jörg Thalheim 39774a6974 fix lanzaboote module import 2022-12-08 21:23:35 +01:00
Jörg Thalheim a4ddbada50 deduplicate flakes
without this users end up with multiple copies of nixpkgs, which cannot
be overriden from the outside (follows only works on 1 level).
2022-12-08 20:40:40 +01:00
nikstur 49a8ae8aec lanzatool: skip existing files in esp 2022-12-03 19:05:12 +01:00
Julian Stecklina d35ca2d7d3 nix: fix initrd integration test 2022-12-02 13:50:32 +01:00
Julian Stecklina 85b111aa17 initrd-stub: drop unused stub
This is not useful anymore, because we don't need to wrap the initrd
anymore.
2022-11-30 09:25:17 +01:00
Julian Stecklina 401c3b8c1c lanzatool, lanzaboote: don't wrap initrd as PE
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
2022-11-30 09:23:42 +01:00
Julian Stecklina 1739ffde26 lanzaboote: verify hash of kernel and initrd 2022-11-30 09:22:14 +01:00
Julian Stecklina 7a15bba50b lanzaboote: load kernel and initrd into memory only once 2022-11-30 09:22:14 +01:00
Julian Stecklina d754a87d5c lanzaboote: cleanup kernel/initrd opening 2022-11-30 09:22:14 +01:00
Julian Stecklina 3f78939d0a lanzatool: embed kernel and initrd hashes 2022-11-30 09:22:14 +01:00
Julian Stecklina ba119d398f lanzatool: add function documentation 2022-11-30 09:22:14 +01:00
Ryan Lahfa e496b60be1
Merge pull request #22 from nix-community/crane
Drop Naersk and Enable Clippy for lanzaboote
2022-11-29 22:42:13 +01:00
Julian Stecklina c3e0e73b82
Merge pull request #23 from nix-community/test-sd-stage1
lanzaboot: test systemd stage 1
2022-11-29 21:04:50 +00:00
Raito Bezarius f7c66b027a lanzaboot: test systemd stage 1 2022-11-29 20:10:55 +01:00
Julian Stecklina 28bb93c5f3 nix: switch everything to crane and drop naersk 2022-11-28 14:01:35 +01:00
Julian Stecklina 7926ab9e5e lanzaboote: fix clippy issues 2022-11-28 13:38:01 +01:00
Julian Stecklina 4fb1e0d0dd flake.lock: Update
Flake lock file updates:

• Updated input 'crane':
    'github:ipetkov/crane/c61d98aaea5667607a36bafe5a6fa87fe5bb2c7e' (2022-11-21)
  → 'github:ipetkov/crane/24591d5f8cc979f7b243b88a2d39da09976970ad' (2022-11-28)
• Updated input 'naersk/nixpkgs':
    'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
  → 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
  → 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/018df6d3f900fc53d567045bd86208f5c00d8956' (2022-11-24)
  → 'github:oxalica/rust-overlay/b9da8e68a08707115be750c0cf7ade33f49d8ec4' (2022-11-28)
2022-11-28 13:15:59 +01:00
nikstur e6aa11f76c
Merge pull request #19 from blitz/specialisation
Lanzatool: enable specialisation
2022-11-27 18:19:59 +01:00
nikstur 0a638970e7 lanzatool: enable specialisation 2022-11-27 12:01:53 +01:00
nikstur 8e04bbf63c Merge pull request #18 from blitz/lanzatool-cli-help
Lanzatool: improve --help output
2022-11-27 00:21:28 +01:00
nikstur 98cf9e0978 lanzatool: improve --help output 2022-11-27 00:12:00 +01:00
Julian Stecklina 452e558e40 Merge pull request #17 from blitz/appease-clippy
Lanzatool: appease clippy
2022-11-26 23:36:15 +01:00
nikstur fffa7d6bfa lanzatool: appease clippy 2022-11-26 23:19:08 +01:00
nikstur f080c010e9 Merge pull request #16 from blitz/lanzatool-bootspec-from-generation
Lanzatool read bootspec for each generation
2022-11-26 23:13:32 +01:00
nikstur 0a96623461 lanzatool: bootspec from generation
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
nikstur 3c094ee5ff flake.nix: remove some redundancies 2022-11-26 22:21:05 +01:00
nikstur 3548c1a459 Merge pull request #15 from blitz/lanzatool-sign-and-copy
Lanzatool sign and copy
2022-11-26 19:30:09 +01:00
Julian Stecklina 5406e69b9a lanzatool: prepare to enable clippy
This still needs work.
2022-11-26 19:16:31 +01:00
Julian Stecklina b37ffd19d6 nix: fix indentation of checks attribute 2022-11-26 19:16:31 +01:00
Julian Stecklina 85de5d52d0 nix: build lanzatool with crane 2022-11-26 19:16:31 +01:00
Julian Stecklina 4197f369a8 doc: mention aarch64 support 2022-11-26 16:22:53 +01:00
Julian Stecklina 4c0adac9df Merge pull request #14 from blitz/lanzatool-make-it-more-typedriven
lanzatool: make it more typedriven
2022-11-26 16:21:02 +01:00
Julian Stecklina f16623d713 docs: update README 2022-11-26 16:14:26 +01:00
nikstur 967f78d374 lanzatool: hide sbsign output on happy path 2022-11-26 15:34:48 +01:00
nikstur c441f5157e lanzatool: sign and copy in one step) 2022-11-26 15:32:43 +01:00
nikstur 240c80368f lanzatool: make it more typedriven 2022-11-26 14:55:15 +01:00
Raito Bezarius 8a430b6578 readme: sprint end! 2022-11-26 03:24:54 +01:00
Ryan Lahfa 95f596f4dc lanzatool: add support for generations and correct naming of kernels a… (#12)
* lanzatool: add support for generations and correct naming of kerels and initrds

* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests

* lanzatool: ryan is a B class engineer

Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
Julian Stecklina df9716da7c Add GPLv3 license 2022-11-26 03:12:24 +01:00
Julian Stecklina 1f0f349559 lanzaboote: add error handling strings 2022-11-26 02:47:21 +01:00
Julian Stecklina 95a03d69bb lanzaboote: reorganize to avoid explicit drops 2022-11-26 02:31:01 +01:00
Julian Stecklina 702a38398f nix: remove remaining cruft from flakes.nix 2022-11-26 02:26:39 +01:00
Julian Stecklina 46452f0e46 nix: drop wrapInitrd from flake.nix 2022-11-26 02:21:05 +01:00
Julian Stecklina 691da44610 nix: rename lanzatoolBin to lanzatool-unwrapped 2022-11-26 02:17:34 +01:00
Julian Stecklina 74b815512c nix: remove qemuUefi wrapper 2022-11-26 02:17:34 +01:00
Julian Stecklina 541275acae nix: drop the stable Rust toolchain from the environment
... otherwise it messes with the unstable one we use for the UEFI
code.
2022-11-26 02:17:28 +01:00
Julian Stecklina 3434433cec Merge pull request #11 from blitz/secure-pe-assembling
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 02:14:32 +01:00