Commit Graph

127 Commits

Author SHA1 Message Date
Alois Wohlschlager 7387c6708d
Load the kernel image ourselves
When loading something with UEFI LoadImage, signature validation is
performed. However, we verify the kernel by its hash already, and don't
want to sign it. Hence, we have to load it on our own.
2023-01-31 18:25:14 +01:00
Janne Heß 96d52b215c
Make the os-release parser more precise
Closes #77
2023-01-30 11:46:48 +01:00
nikstur ce3b2c27b5 tool: write systemd-boot loader.conf
To minimize the number of arguments passed to `lzbt`, the loader config
is assembled outside `lzbt` and passed as a single argument.

Instead of reimplementing `consoleMode` under the `lanzaboote`
namespace, `config.loader.systemd-boot.consoleMode` is reused as is.
2023-01-29 16:19:14 +01:00
nikstur 5f28ae75ea tool: atomically write to ESP
To minimize the potential for irrecoverable errors, only atomic writes
to the ESP are performed. This is implemented by first copying the file
to the destination with a `.tmp` suffix and then renaming it to the
final desintation. This is atomic because the rename operation is atomic
on POSIX platforms.

Specifically, this means that even if the system crashes during the
operation, the final desintation path will most likely be intact if it
exists at all. There are some nuances to this however. It **cannot** be
actually guaranteed that the operation was performed on the filesystem
level. However, this is the best we can do for now.

For reference:
- POSIX rename(2): https://pubs.opengroup.org/onlinepubs/9699919799/
- Rust fs::rename corresponds to rename(2) on Unix: https://doc.rust-lang.org/std/fs/fn.rename.html
- Rust fs::rename is implemented using libc's rename: https://github.com/rust-lang/rust/blob/master/library/std/src/sys/unix/fs.rs#L1397
- Renaming in libc is atomic: https://www.gnu.org/software/libc/manual/html_node/Renaming-Files.html
2023-01-29 15:31:38 +01:00
nikstur 0ca25a9bf0
Merge pull request #78 from nix-community/robust-systemd-version-parsing
tool: make systemd version parsing robust
2023-01-26 21:46:03 +01:00
nikstur 247afb33a2 tool: make systemd version parsing robust
To make handling systemd versions more robust, they are parsed into a
u32 tuple instead of an f32. Additionally, some unit tests for correct
parsing and comparing of versions are added.
2023-01-26 21:30:44 +01:00
nikstur 1970b95b68 tool: remove bootspec.json
This fixture is not necessary anymore as we have enough integration
tests.
2023-01-26 01:16:09 +01:00
nikstur cc169689f3 tool: smarter systemd-boot install
The process of installing systemd-boot is "smarter" because it now
considers a a few conditions instead of doing nothing if there is a file
at the deistination path. systemd-boot is now forcibly installed (i.e.
overwriting any file at the destination) if (1) there is no file at the
destination, OR (2) a newer version of systemd-boot is available, OR (3)
the signature of the file at the destination could not be verified.
2023-01-25 22:21:14 +01:00
nikstur db75203e31 tool: split esp paths
To access paths on the ESP before or after installing generations, split
EspPaths into general EspPaths that only depend on the path to the ESP
and EspGenerationPaths which additionally depend on generation specific
information (e.g. version number and initrd filename).
2023-01-25 00:24:40 +01:00
nikstur 6e452b50df tool: add SecureTempDirExt
Add an extension to TempDir that allows to create secure tempfiles. This
way, everything related to creating secure tempfiles is bundled in a
single place and can easily be reused.
2023-01-21 16:26:17 +01:00
Julian Stecklina dd499f6642 treewide: fix typos 2023-01-21 10:27:34 +01:00
nikstur 5bb33f3389 treewide: simplify subproject names
Lanzatool is renamed to 'tool' and lanzaboote is renamed to 'stub'.
The name of the lanzatool binary is now 'lzbt' standing for
LanZaBooteTool.
2023-01-17 21:31:14 +01:00
nikstur 2fce3c0802 treewde: simplify subproject directory names
This commit only moves the directories instead of chaning any names
inside files.
2023-01-17 21:31:14 +01:00
nikstur 3db39f403b treewide: blake3 -> sha256
Using the sha2 crate instead of blake3 decreases the binary size of the
stub by around 50%.
2023-01-14 02:31:54 +01:00
nikstur 7f235ce004 lanzatool: spell specialised consistently 2023-01-06 23:20:31 +01:00
nikstur 4f44cb70a2 lanzatool: generate custom os-release 2023-01-06 21:27:51 +01:00
nikstur b6eb6c1e52 lanzatool: keep unrelated files when running gc 2023-01-04 22:29:09 +01:00
nikstur c4e5ec7008 lanzatool: add more assertions to gc integration test 2023-01-04 01:23:13 +01:00
nikstur 7afbc43195
Merge pull request #43 from nix-community/some-more-lanzatool-refactoring
lanzatool: some more refactoring
2023-01-02 00:41:13 +01:00
nikstur 1e632c0d1d lanzatool: add context to sbsing output failure 2023-01-02 00:34:01 +01:00
nikstur b592d92744 lanzatool: don't open file to read metadata 2023-01-02 00:34:01 +01:00
nikstur 1c0438a003 lanzatool: simplify uefi path code 2023-01-02 00:33:59 +01:00
nikstur d3a96b1c3c lanzatool: intgeration test infrastrucutre + gc tests 2023-01-02 00:05:32 +01:00
nikstur 676786f811 lanzatool: add rand dev dependency 2023-01-02 00:05:21 +01:00
nikstur 3c7c8340eb lanzatool: add assert_cmd dev dependency 2023-01-02 00:05:21 +01:00
nikstur 9daf9ae0a8 lanzatool: implement configuration limit 2023-01-02 00:05:17 +01:00
nikstur 4a8cfa7f7f lanzatool: add walkdir dependency 2022-12-31 02:10:36 +01:00
nikstur 0a58b290e2 lanzatool: clean up parse_version and add simple test 2022-12-30 23:43:19 +01:00
nikstur 463d9496bf lanzatool: write sbsign output to stdout 2022-12-30 23:43:19 +01:00
nikstur d4c5af23fe lanzatool: improve error msg for file_size 2022-12-30 23:43:19 +01:00
nikstur a341baa09a lanzatool: simplify nixos_path and add unit test 2022-12-30 23:43:18 +01:00
nikstur 781651b9e0 lanzatool: improve esp_relative_path_string error msg 2022-12-30 21:11:07 +01:00
Julian Stecklina f6ae373500 lanzatool: apply rustfmt to install.rs 2022-12-28 23:59:23 +01:00
Julian Stecklina f07618b64c lanzatool: remove unused utils module 2022-12-28 23:59:23 +01:00
Julian Stecklina b762de9fec lanzatool: remove Path -> String conversions in signature module 2022-12-28 23:59:23 +01:00
Julian Stecklina 74afcb1eea lanzatool: remove Path -> String conversion from pe module
... by using OsString, which can handle broken UTF-8 in file
names.
2022-12-28 23:59:23 +01:00
Raito Bezarius 0ad20b0d5a lanzatool: ignore malformed generations 2022-12-26 02:47:28 +01:00
nikstur 65f3c67357 lanzatool: appease clippy by removing borrow 2022-12-25 18:05:07 +01:00
nikstur 6e66c5f0ed Cargo.toml: update bootspec to upstream 2022-12-25 18:05:07 +01:00
Raito Bezarius e3f6029643 nixos/lanzaboote: use upstream bootspec for extension generation 2022-12-25 18:05:07 +01:00
Raito Bezarius 92e7e4f49a lanzatool(bootspec): introduce DetSys's bootspec library 2022-12-18 00:29:49 +01:00
nikstur 614131d648 lanzatool: remove placeholder code for auto enrolling uefi keys 2022-12-10 18:11:23 +01:00
nikstur 49a8ae8aec lanzatool: skip existing files in esp 2022-12-03 19:05:12 +01:00
Julian Stecklina 85b111aa17 initrd-stub: drop unused stub
This is not useful anymore, because we don't need to wrap the initrd
anymore.
2022-11-30 09:25:17 +01:00
Julian Stecklina 401c3b8c1c lanzatool, lanzaboote: don't wrap initrd as PE
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
2022-11-30 09:23:42 +01:00
Julian Stecklina 1739ffde26 lanzaboote: verify hash of kernel and initrd 2022-11-30 09:22:14 +01:00
Julian Stecklina 7a15bba50b lanzaboote: load kernel and initrd into memory only once 2022-11-30 09:22:14 +01:00
Julian Stecklina d754a87d5c lanzaboote: cleanup kernel/initrd opening 2022-11-30 09:22:14 +01:00
Julian Stecklina 3f78939d0a lanzatool: embed kernel and initrd hashes 2022-11-30 09:22:14 +01:00
Julian Stecklina ba119d398f lanzatool: add function documentation 2022-11-30 09:22:14 +01:00