nikstur
614131d648
lanzatool: remove placeholder code for auto enrolling uefi keys
2022-12-10 18:11:23 +01:00
Julian Stecklina
06da27529f
Merge pull request #21 from nix-community/boot-file-integrity
...
Verify Kernel/Initrd Integrity using Blake3
2022-12-09 23:54:14 +00:00
nikstur
49a8ae8aec
lanzatool: skip existing files in esp
2022-12-03 19:05:12 +01:00
Julian Stecklina
d35ca2d7d3
nix: fix initrd integration test
2022-12-02 13:50:32 +01:00
Julian Stecklina
85b111aa17
initrd-stub: drop unused stub
...
This is not useful anymore, because we don't need to wrap the initrd
anymore.
2022-11-30 09:25:17 +01:00
Julian Stecklina
401c3b8c1c
lanzatool, lanzaboote: don't wrap initrd as PE
...
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
2022-11-30 09:23:42 +01:00
Julian Stecklina
1739ffde26
lanzaboote: verify hash of kernel and initrd
2022-11-30 09:22:14 +01:00
Julian Stecklina
7a15bba50b
lanzaboote: load kernel and initrd into memory only once
2022-11-30 09:22:14 +01:00
Julian Stecklina
d754a87d5c
lanzaboote: cleanup kernel/initrd opening
2022-11-30 09:22:14 +01:00
Julian Stecklina
3f78939d0a
lanzatool: embed kernel and initrd hashes
2022-11-30 09:22:14 +01:00
Julian Stecklina
ba119d398f
lanzatool: add function documentation
2022-11-30 09:22:14 +01:00
Ryan Lahfa
e496b60be1
Merge pull request #22 from nix-community/crane
...
Drop Naersk and Enable Clippy for lanzaboote
2022-11-29 22:42:13 +01:00
Julian Stecklina
c3e0e73b82
Merge pull request #23 from nix-community/test-sd-stage1
...
lanzaboot: test systemd stage 1
2022-11-29 21:04:50 +00:00
Raito Bezarius
f7c66b027a
lanzaboot: test systemd stage 1
2022-11-29 20:10:55 +01:00
Julian Stecklina
28bb93c5f3
nix: switch everything to crane and drop naersk
2022-11-28 14:01:35 +01:00
Julian Stecklina
7926ab9e5e
lanzaboote: fix clippy issues
2022-11-28 13:38:01 +01:00
Julian Stecklina
4fb1e0d0dd
flake.lock: Update
...
Flake lock file updates:
• Updated input 'crane':
'github:ipetkov/crane/c61d98aaea5667607a36bafe5a6fa87fe5bb2c7e' (2022-11-21)
→ 'github:ipetkov/crane/24591d5f8cc979f7b243b88a2d39da09976970ad' (2022-11-28)
• Updated input 'naersk/nixpkgs':
'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
→ 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
→ 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'rust-overlay':
'github:oxalica/rust-overlay/018df6d3f900fc53d567045bd86208f5c00d8956' (2022-11-24)
→ 'github:oxalica/rust-overlay/b9da8e68a08707115be750c0cf7ade33f49d8ec4' (2022-11-28)
2022-11-28 13:15:59 +01:00
nikstur
e6aa11f76c
Merge pull request #19 from blitz/specialisation
...
Lanzatool: enable specialisation
2022-11-27 18:19:59 +01:00
nikstur
0a638970e7
lanzatool: enable specialisation
2022-11-27 12:01:53 +01:00
nikstur
8e04bbf63c
Merge pull request #18 from blitz/lanzatool-cli-help
...
Lanzatool: improve --help output
2022-11-27 00:21:28 +01:00
nikstur
98cf9e0978
lanzatool: improve --help output
2022-11-27 00:12:00 +01:00
Julian Stecklina
452e558e40
Merge pull request #17 from blitz/appease-clippy
...
Lanzatool: appease clippy
2022-11-26 23:36:15 +01:00
nikstur
fffa7d6bfa
lanzatool: appease clippy
2022-11-26 23:19:08 +01:00
nikstur
f080c010e9
Merge pull request #16 from blitz/lanzatool-bootspec-from-generation
...
Lanzatool read bootspec for each generation
2022-11-26 23:13:32 +01:00
nikstur
0a96623461
lanzatool: bootspec from generation
...
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
nikstur
3c094ee5ff
flake.nix: remove some redundancies
2022-11-26 22:21:05 +01:00
nikstur
3548c1a459
Merge pull request #15 from blitz/lanzatool-sign-and-copy
...
Lanzatool sign and copy
2022-11-26 19:30:09 +01:00
Julian Stecklina
5406e69b9a
lanzatool: prepare to enable clippy
...
This still needs work.
2022-11-26 19:16:31 +01:00
Julian Stecklina
b37ffd19d6
nix: fix indentation of checks attribute
2022-11-26 19:16:31 +01:00
Julian Stecklina
85de5d52d0
nix: build lanzatool with crane
2022-11-26 19:16:31 +01:00
Julian Stecklina
4197f369a8
doc: mention aarch64 support
2022-11-26 16:22:53 +01:00
Julian Stecklina
4c0adac9df
Merge pull request #14 from blitz/lanzatool-make-it-more-typedriven
...
lanzatool: make it more typedriven
2022-11-26 16:21:02 +01:00
Julian Stecklina
f16623d713
docs: update README
2022-11-26 16:14:26 +01:00
nikstur
967f78d374
lanzatool: hide sbsign output on happy path
2022-11-26 15:34:48 +01:00
nikstur
c441f5157e
lanzatool: sign and copy in one step)
2022-11-26 15:32:43 +01:00
nikstur
240c80368f
lanzatool: make it more typedriven
2022-11-26 14:55:15 +01:00
Raito Bezarius
8a430b6578
readme: sprint end!
2022-11-26 03:24:54 +01:00
Ryan Lahfa
95f596f4dc
lanzatool: add support for generations and correct naming of kernels a… ( #12 )
...
* lanzatool: add support for generations and correct naming of kerels and initrds
* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests
* lanzatool: ryan is a B class engineer
Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
Julian Stecklina
df9716da7c
Add GPLv3 license
2022-11-26 03:12:24 +01:00
Julian Stecklina
1f0f349559
lanzaboote: add error handling strings
2022-11-26 02:47:21 +01:00
Julian Stecklina
95a03d69bb
lanzaboote: reorganize to avoid explicit drops
2022-11-26 02:31:01 +01:00
Julian Stecklina
702a38398f
nix: remove remaining cruft from flakes.nix
2022-11-26 02:26:39 +01:00
Julian Stecklina
46452f0e46
nix: drop wrapInitrd from flake.nix
2022-11-26 02:21:05 +01:00
Julian Stecklina
691da44610
nix: rename lanzatoolBin to lanzatool-unwrapped
2022-11-26 02:17:34 +01:00
Julian Stecklina
74b815512c
nix: remove qemuUefi wrapper
2022-11-26 02:17:34 +01:00
Julian Stecklina
541275acae
nix: drop the stable Rust toolchain from the environment
...
... otherwise it messes with the unstable one we use for the UEFI
code.
2022-11-26 02:17:28 +01:00
Julian Stecklina
3434433cec
Merge pull request #11 from blitz/secure-pe-assembling
...
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 02:14:32 +01:00
Raito Bezarius
9f65f75289
feature: support initrd secrets
2022-11-26 02:01:41 +01:00
Raito Bezarius
a3150dca11
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 01:24:33 +01:00
Raito Bezarius
f6930955a3
lanzatool: sync for every sign operation
2022-11-25 23:58:06 +01:00