min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
181 Commits 1 Branch 0 Tags 958 KiB
Commit Graph

55 Commits

Author SHA1 Message Date
nikstur 463d9496bf lanzatool: write sbsign output to stdout 2022-12-30 23:43:19 +01:00
nikstur d4c5af23fe lanzatool: improve error msg for file_size 2022-12-30 23:43:19 +01:00
nikstur a341baa09a lanzatool: simplify nixos_path and add unit test 2022-12-30 23:43:18 +01:00
nikstur 781651b9e0 lanzatool: improve esp_relative_path_string error msg 2022-12-30 21:11:07 +01:00
Julian Stecklina f6ae373500 lanzatool: apply rustfmt to install.rs 2022-12-28 23:59:23 +01:00
Julian Stecklina f07618b64c lanzatool: remove unused utils module 2022-12-28 23:59:23 +01:00
Julian Stecklina b762de9fec lanzatool: remove Path -> String conversions in signature module 2022-12-28 23:59:23 +01:00
Julian Stecklina 74afcb1eea lanzatool: remove Path -> String conversion from pe module 
... by using OsString, which can handle broken UTF-8 in file
names.
 2022-12-28 23:59:23 +01:00
Raito Bezarius 0ad20b0d5a lanzatool: ignore malformed generations 2022-12-26 02:47:28 +01:00
nikstur 65f3c67357 lanzatool: appease clippy by removing borrow 2022-12-25 18:05:07 +01:00
nikstur 6e66c5f0ed Cargo.toml: update bootspec to upstream 2022-12-25 18:05:07 +01:00
Raito Bezarius e3f6029643 nixos/lanzaboote: use upstream bootspec for extension generation 2022-12-25 18:05:07 +01:00
Raito Bezarius 92e7e4f49a lanzatool(bootspec): introduce DetSys's bootspec library 2022-12-18 00:29:49 +01:00
nikstur 614131d648 lanzatool: remove placeholder code for auto enrolling uefi keys 2022-12-10 18:11:23 +01:00
nikstur 49a8ae8aec lanzatool: skip existing files in esp 2022-12-03 19:05:12 +01:00
Julian Stecklina 401c3b8c1c lanzatool, lanzaboote: don't wrap initrd as PE 
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
 2022-11-30 09:23:42 +01:00
Julian Stecklina 3f78939d0a lanzatool: embed kernel and initrd hashes 2022-11-30 09:22:14 +01:00
Julian Stecklina ba119d398f lanzatool: add function documentation 2022-11-30 09:22:14 +01:00
nikstur 0a638970e7 lanzatool: enable specialisation 2022-11-27 12:01:53 +01:00
nikstur 98cf9e0978 lanzatool: improve --help output 2022-11-27 00:12:00 +01:00
nikstur fffa7d6bfa lanzatool: appease clippy 2022-11-26 23:19:08 +01:00
nikstur 0a96623461 lanzatool: bootspec from generation 
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
 2022-11-26 22:27:44 +01:00
nikstur 967f78d374 lanzatool: hide sbsign output on happy path 2022-11-26 15:34:48 +01:00
nikstur c441f5157e lanzatool: sign and copy in one step) 2022-11-26 15:32:43 +01:00
nikstur 240c80368f lanzatool: make it more typedriven 2022-11-26 14:55:15 +01:00
Ryan Lahfa 95f596f4dc lanzatool: add support for generations and correct naming of kernels a… (#12) 
* lanzatool: add support for generations and correct naming of kerels and initrds

* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests

* lanzatool: ryan is a B class engineer

Co-authored-by: nikstur@outlook.com
 2022-11-26 03:14:21 +01:00
Raito Bezarius 9f65f75289 feature: support initrd secrets 2022-11-26 02:01:41 +01:00
Raito Bezarius a3150dca11 lanzatool: perform secure assembling for lanzaboote_image and PE wrapping 2022-11-26 01:24:33 +01:00
Raito Bezarius f6930955a3 lanzatool: sync for every sign operation 2022-11-25 23:58:06 +01:00
nikstur a3ec2cfc15 lanzatool: add error messages 2022-11-25 23:50:11 +01:00
Julian Stecklina c87b2a09dc nix: fix lanzatool integration/merge mixup 2022-11-25 23:46:19 +01:00
nikstur 53c4e03619 merge this shit 2022-11-25 18:10:21 +01:00
Ryan Lahfa eda254b6cd nixpkgs: integrate the whole thing (#7) 
* nixos: add a lanzaboote module

* nixos: add a lanzaboote module

- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys

* nixos: actually enable sb

* nixos: disable it and adapt it

* lanzatool: fix init

* nixos: secureboot reached

* nixos: enrollment is optional

Co-authored-by: nikstur@outlook.com
 2022-11-25 17:59:15 +01:00
nikstur 3a093d85ab lanzatool: set permissons for all files in esp to 755 2022-11-25 17:47:24 +01:00
nikstur 7685ba088b lanzatool: reuse code for signer 2022-11-25 15:46:33 +01:00
nikstur c0391ce8d7 lanzatool: improve tempfiles and error handling in pe 2022-11-25 15:16:05 +01:00
nikstur ad3a8ec3e5 lanzatool: make --pki-bundle optional 2022-11-25 13:08:37 +01:00
nikstur cd2ef6181d lanzatool: improve signer code 2022-11-25 13:07:04 +01:00
Raito Bezarius 49519cb289 nixos: secureboot reached 2022-11-25 03:04:44 +01:00
nikstur efbb28dc99 lanzatool: fix init 2022-11-24 17:14:55 +01:00
Raito Bezarius ccdd02bf1c nixos: add a lanzaboote module 
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
 2022-11-24 17:07:05 +01:00
nikstur 858c0befb3 lanzaboot: include init in cmdline 2022-11-24 16:51:43 +01:00
nikstur aa86ae9e30 lanzatool: add cmdline args for keys 2022-11-24 14:12:00 +01:00
nikstur 587e388364 lanzatool: improve error handling 2022-11-24 13:33:01 +01:00
nikstur d40b9f281c lanzatool: remove v1 key 2022-11-24 12:26:32 +01:00
nikstur 3e7f5fa625 lanzatool: implement copying sdboot to esp 2022-11-24 11:10:19 +01:00
nikstur 73b1f7e2b5 lanzatool: readd efi relative file paths 2022-11-23 20:54:13 +01:00
nikstur 46f1e84a9d lanzatool: init wrapping initrd 2022-11-23 20:48:49 +01:00
nikstur a65998945d lanzatool: implement relative esp paths 2022-11-23 18:15:32 +01:00
nikstur 24803a04a2 lanzatool: copy image to esp output dir 2022-11-23 17:26:56 +01:00