Commit Graph

88 Commits

Author SHA1 Message Date
nikstur 53c4e03619 merge this shit 2022-11-25 18:10:21 +01:00
Ryan Lahfa eda254b6cd nixpkgs: integrate the whole thing (#7)
* nixos: add a lanzaboote module

* nixos: add a lanzaboote module

- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys

* nixos: actually enable sb

* nixos: disable it and adapt it

* lanzatool: fix init

* nixos: secureboot reached

* nixos: enrollment is optional

Co-authored-by: nikstur@outlook.com
2022-11-25 17:59:15 +01:00
nikstur 3a093d85ab lanzatool: set permissons for all files in esp to 755 2022-11-25 17:47:24 +01:00
nikstur 91b8cb02e4 flake.nix: use nixosTest instead of importing file 2022-11-25 17:39:01 +01:00
nikstur 7685ba088b lanzatool: reuse code for signer 2022-11-25 15:46:33 +01:00
nikstur c0391ce8d7 lanzatool: improve tempfiles and error handling in pe 2022-11-25 15:16:05 +01:00
nikstur ad3a8ec3e5 lanzatool: make --pki-bundle optional 2022-11-25 13:08:37 +01:00
nikstur cd2ef6181d lanzatool: improve signer code 2022-11-25 13:07:04 +01:00
Raito Bezarius a99646bb01 nixos: enrollment is optional 2022-11-25 11:29:56 +01:00
Raito Bezarius 49519cb289 nixos: secureboot reached 2022-11-25 03:04:44 +01:00
nikstur efbb28dc99 lanzatool: fix init 2022-11-24 17:14:55 +01:00
Raito Bezarius e75d892964 nixos: disable it and adapt it 2022-11-24 17:09:51 +01:00
Raito Bezarius 2148cb06ab nixos: actually enable sb 2022-11-24 17:07:06 +01:00
Raito Bezarius ccdd02bf1c nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
2022-11-24 17:07:05 +01:00
Raito Bezarius c53477fbf5 nixos: add a lanzaboote module 2022-11-24 16:59:59 +01:00
Ryan Lahfa a089c6fb3d Merge pull request #8 from blitz/lanzatool-fix-cmdline
lanzaboot: include init in cmdline
2022-11-24 15:55:21 +00:00
nikstur 858c0befb3 lanzaboot: include init in cmdline 2022-11-24 16:51:43 +01:00
nikstur aa86ae9e30 lanzatool: add cmdline args for keys 2022-11-24 14:12:00 +01:00
nikstur 587e388364 lanzatool: improve error handling 2022-11-24 13:33:01 +01:00
Julian Stecklina 1dfa7c7fc8 Fix flake name 2022-11-24 12:29:16 +01:00
Julian Stecklina 417122e840 Merge remote-tracking branch 'origin/lanzatool-bootspec-funz' 2022-11-24 12:28:03 +01:00
nikstur d40b9f281c lanzatool: remove v1 key 2022-11-24 12:26:32 +01:00
Julian Stecklina df716e17d6 Add documentation to initrd loader 2022-11-24 12:18:23 +01:00
Julian Stecklina 30b61baf38 Add documentation to initrd loader 2022-11-24 12:11:17 +01:00
Julian Stecklina 521bf343f5 Use makeWrapper to wrap lanzatool 2022-11-24 12:05:46 +01:00
Julian Stecklina 7245142c55 Merge remote-tracking branch 'origin/lanzatool-wrapper' 2022-11-24 11:46:37 +01:00
nikstur b555c18e83 lanzatool: add wrapper 2022-11-24 11:45:09 +01:00
Julian Stecklina 15b966627a docs: add more overview information 2022-11-24 11:41:35 +01:00
Julian Stecklina babb064636 Fix license badge (harder) 2022-11-24 11:21:17 +01:00
Julian Stecklina 100504e370 Fix license badge 2022-11-24 11:20:50 +01:00
Julian Stecklina 051f116b71 doc: added small README 2022-11-24 11:19:30 +01:00
nikstur 3e7f5fa625 lanzatool: implement copying sdboot to esp 2022-11-24 11:10:19 +01:00
nikstur 73b1f7e2b5 lanzatool: readd efi relative file paths 2022-11-23 20:54:13 +01:00
nikstur 46f1e84a9d lanzatool: init wrapping initrd 2022-11-23 20:48:49 +01:00
nikstur a65998945d lanzatool: implement relative esp paths 2022-11-23 18:15:32 +01:00
Julian Stecklina dcca50d14f Refactor embedded config extraction 2022-11-23 17:57:43 +01:00
Julian Stecklina fa331d8b98 Fix section extraction 2022-11-23 17:57:23 +01:00
nikstur 24803a04a2 lanzatool: copy image to esp output dir 2022-11-23 17:26:56 +01:00
nikstur 5dbb8e7452 lanzatool: detrashify 2022-11-23 17:16:08 +01:00
Julian Stecklina de451fa5af Merge remote-tracking branch 'origin/lanzatool-install' 2022-11-23 15:49:38 +01:00
nikstur c4734d11fc lanzatool.crypto: remove 2022-11-23 15:49:02 +01:00
Julian Stecklina 4dab5f7b8f Extract Linux kernel and initrd filenames from PE binary 2022-11-23 15:46:25 +01:00
Julian Stecklina 788a112050 Merge pull request #6 from blitz/lanzatool-install
lanzatool.install: init
2022-11-23 15:46:12 +01:00
nikstur 27044f6bdf lanzatool.crypto: remove 2022-11-23 15:44:19 +01:00
Julian Stecklina 10e516c148 Merge pull request #5 from blitz/magic-mk-shell
flake.nix: automagically use deps in shell with inputsFrom
2022-11-23 15:41:04 +01:00
nikstur 4356d342a2 lanzatool.install: init 2022-11-23 15:26:26 +01:00
Julian Stecklina 1ca83c25d5 Remove some unwraps 2022-11-23 14:11:54 +01:00
Julian Stecklina 8559bf664e Add a disclaimer about the current security status 2022-11-23 14:11:24 +01:00
Julian Stecklina fe3d4015ba Perform load_image on initrd to hopefully verify signatures 2022-11-23 14:03:53 +01:00
Julian Stecklina 568fe1d499 Unwrap initrd from PE image for Linux 2022-11-23 13:51:07 +01:00