Commit Graph

37 Commits

Author SHA1 Message Date
Raito Bezarius 51d9c1dff8 stub: split up into a linux-bootloader crate
We introduce `linux-bootloader` a crate made to build Rust-based Linux-oriented bootloaders.

It follows systemd/UAPI group and semantics as much as possible, e.g. BLS/loader capabilities/stub capabilities.
2023-09-13 17:43:35 +02:00
nikstur e7246c6bce
Merge pull request #212 from nix-community/update-flake-inputs
flake.lock: Update
2023-07-20 23:42:57 +02:00
nikstur ec210ff40d stub: fix typo 2023-07-20 22:49:45 +02:00
renovate[bot] 9cceec4008 fix(deps): update all dependencies 2023-07-20 01:27:43 +02:00
Raito Bezarius 63bbfe35d8 feat(stub): throw compile error in case of enabling fat and thin features
This is more helpful than a weird compilation error on borrow checking rules!
2023-06-10 18:06:50 +02:00
renovate[bot] 3cae2f1c63
fix(deps): update all dependencies 2023-06-05 02:00:30 +00:00
Raito Bezarius 88aeb61d85 stub: upgrade to uefi-rs 0.22.0
This upgrade is necessary to avoid borking boot on bad UEFI implementations.
2023-06-02 13:16:44 +02:00
nikstur da24357977
Merge pull request #182 from nix-community/fat-uki
stub: add fat variant
2023-06-01 22:43:53 +02:00
renovate[bot] f1d199d0b4
fix(deps): update rust crate log to 0.4.18 2023-05-29 01:38:08 +00:00
nikstur 7ecafb2947 stub: add fat variant
A compile time feature is introduced that allows to build "fat" stubs
that can be used to build "fat" UKIs. "fat" here means that the actual
kernel and initrd are embedded in the PE binary, not only the file path
and hash. This brings us one step closer to feature partiy with
systemd-stub and thus one step closer to replacing it fully. Such a
"fat" or "real" UKI is also interesting for image-based deployments of
NixOS.
2023-05-24 22:09:28 +02:00
renovate[bot] 5ecd73cdac
fix(deps): update all dependencies 2023-05-22 02:56:28 +00:00
Raito Bezarius c96299ea46 deps: update to uefi-rs 0.21.0
It simplifies our filesystem handling.
2023-05-20 23:05:15 +02:00
nikstur 7ed294c84d
Merge pull request #180 from nix-community/sync-packages-ver
chore: sync our crates version to latest tag
2023-05-19 00:36:31 +02:00
Raito Bezarius 606b9e8bab stub(tpm): Measure "UKI" (i.e. all unified sections in our stub) 2023-05-18 19:05:53 +02:00
Raito Bezarius ad28b4cd01 stub: bump crate to 0.3.0 2023-05-18 19:03:42 +02:00
nikstur e37bf51ed3 stub: format with rustfmt 2023-05-17 21:39:40 +02:00
Raito Bezarius a5372db91f hotfix(stub): rust_version -> rust-version in Cargo.toml 2023-05-05 20:11:55 +02:00
Raito Bezarius 9dd9116b1e stub: export boot loader interface efivars 2023-05-05 20:11:55 +02:00
Alois Wohlschlager ae401e4b18
stub: implement icache coherence on i686 and AArch64
People reportedly want to compile the stub on i686 and AArch64
platforms for testing. Make compilation possible by providing proper
`make_instruction_cache_coherent` implementations on these platforms.
For x86 (just as x86_64), this is a no-op, because Intel made the
instruction cache coherent for compatibility with code that was written
before caches existed.
For AArch64, adapt the procedure from their manual to multiple
instructions.
2023-04-21 18:00:14 +02:00
Alois Wohlschlager 81e25ee5c3
stub: clarify instruction cache coherence 2023-04-16 16:17:50 +02:00
Raito Bezarius 666b5e7169 stub: make it compatible with a stable Rust compiler (≥ 1.68.x) 2023-04-14 16:48:30 +02:00
Julian Stecklina 5a03bb751d stub: update dependencies
Update nightly toolchain and UEFI dependencies. The latest crane
version comes with a bug where it fails to compile UEFI binaries.
2023-03-20 09:51:30 +01:00
renovate[bot] dfa6c3db1f
chore(deps): lock file maintenance 2023-03-20 01:57:17 +00:00
Julian Stecklina 7060389698 stub: add safety comment for PE parsing 2023-03-15 21:53:19 +01:00
Julian Stecklina 9c128e9ef6 stub: do not read loaded image again from ESP
... because this might not work, if we were not loaded from a file
system. It also removes the issue where we might not load the signed
image that was actually loaded.

Fixes #123
2023-03-15 00:36:50 +01:00
renovate[bot] e321ad1626
fix(deps): update all dependencies 2023-02-27 02:01:48 +00:00
Janne Heß de4c62a1bd stub: lanzatool -> lzbt 2023-02-23 09:32:28 +01:00
Julian Stecklina 90755b789f stub: use logger instead of printing manually 2023-02-21 01:32:29 +01:00
Julian Stecklina 7bde42f4a8 stub: enable logger in uefi-services 2023-02-21 01:32:29 +01:00
Julian Stecklina 3a9cd26c5e stub: update uefi dependency to 0.19.1 2023-02-21 00:50:34 +01:00
Julian Stecklina 697d0d1baa stub: drop unused ed25519-compact dependency 2023-02-21 00:35:00 +01:00
Julian Stecklina 8b00b748f2 stub: add fall back for hash mismatches when Secure Boot is off 2023-02-02 18:03:54 +01:00
Julian Stecklina 8d2ebbc6a7 stub: move linux booting into its own function 2023-02-02 18:03:54 +01:00
Alois Wohlschlager 081714cab9
Pass the built-in cmdline to the kernel
Do not pass our own cmdline on to the kernel. It may have been set by a
malicious boot loader specification entry, and could instruct the
kernel to load an arbitrary unprotected initrd (or perform some other
fun stuff). Instead, always pass the command line built into the UKI,
which is properly authenticated.
2023-01-31 18:32:13 +01:00
Alois Wohlschlager 7387c6708d
Load the kernel image ourselves
When loading something with UEFI LoadImage, signature validation is
performed. However, we verify the kernel by its hash already, and don't
want to sign it. Hence, we have to load it on our own.
2023-01-31 18:25:14 +01:00
nikstur 5bb33f3389 treewide: simplify subproject names
Lanzatool is renamed to 'tool' and lanzaboote is renamed to 'stub'.
The name of the lanzatool binary is now 'lzbt' standing for
LanZaBooteTool.
2023-01-17 21:31:14 +01:00
nikstur 2fce3c0802 treewde: simplify subproject directory names
This commit only moves the directories instead of chaning any names
inside files.
2023-01-17 21:31:14 +01:00