nikstur
2fce3c0802
treewide: simplify subproject directory names
...
This commit only moves the directories instead of changing any names
inside files.
2023-01-17 21:31:14 +01:00
nikstur
3db39f403b
treewide: blake3 -> sha256
...
Using the sha2 crate instead of blake3 decreases the binary size of the
stub by around 50%.
2023-01-14 02:31:54 +01:00
nikstur
7f235ce004
lanzatool: spell specialised consistently
2023-01-06 23:20:31 +01:00
nikstur
4f44cb70a2
lanzatool: generate custom os-release
2023-01-06 21:27:51 +01:00
nikstur
b6eb6c1e52
lanzatool: keep unrelated files when running gc
2023-01-04 22:29:09 +01:00
nikstur
c4e5ec7008
lanzatool: add more assertions to gc integration test
2023-01-04 01:23:13 +01:00
nikstur
7afbc43195
Merge pull request #43 from nix-community/some-more-lanzatool-refactoring
...
lanzatool: some more refactoring
2023-01-02 00:41:13 +01:00
nikstur
1e632c0d1d
lanzatool: add context to sbsign output failure
2023-01-02 00:34:01 +01:00
nikstur
b592d92744
lanzatool: don't open file to read metadata
2023-01-02 00:34:01 +01:00
nikstur
1c0438a003
lanzatool: simplify uefi path code
2023-01-02 00:33:59 +01:00
nikstur
d3a96b1c3c
lanzatool: integration test infrastructure + gc tests
2023-01-02 00:05:32 +01:00
nikstur
676786f811
lanzatool: add rand dev dependency
2023-01-02 00:05:21 +01:00
nikstur
3c7c8340eb
lanzatool: add assert_cmd dev dependency
2023-01-02 00:05:21 +01:00
nikstur
9daf9ae0a8
lanzatool: implement configuration limit
2023-01-02 00:05:17 +01:00
nikstur
4a8cfa7f7f
lanzatool: add walkdir dependency
2022-12-31 02:10:36 +01:00
nikstur
0a58b290e2
lanzatool: clean up parse_version and add simple test
2022-12-30 23:43:19 +01:00
nikstur
463d9496bf
lanzatool: write sbsign output to stdout
2022-12-30 23:43:19 +01:00
nikstur
d4c5af23fe
lanzatool: improve error msg for file_size
2022-12-30 23:43:19 +01:00
nikstur
a341baa09a
lanzatool: simplify nixos_path and add unit test
2022-12-30 23:43:18 +01:00
nikstur
781651b9e0
lanzatool: improve esp_relative_path_string error msg
2022-12-30 21:11:07 +01:00
Julian Stecklina
f6ae373500
lanzatool: apply rustfmt to install.rs
2022-12-28 23:59:23 +01:00
Julian Stecklina
f07618b64c
lanzatool: remove unused utils module
2022-12-28 23:59:23 +01:00
Julian Stecklina
b762de9fec
lanzatool: remove Path -> String conversions in signature module
2022-12-28 23:59:23 +01:00
Julian Stecklina
74afcb1eea
lanzatool: remove Path -> String conversion from pe module
...
... by using OsString, which can handle broken UTF-8 in file
names.
2022-12-28 23:59:23 +01:00
Raito Bezarius
0ad20b0d5a
lanzatool: ignore malformed generations
2022-12-26 02:47:28 +01:00
nikstur
65f3c67357
lanzatool: appease clippy by removing borrow
2022-12-25 18:05:07 +01:00
nikstur
6e66c5f0ed
Cargo.toml: update bootspec to upstream
2022-12-25 18:05:07 +01:00
Raito Bezarius
e3f6029643
nixos/lanzaboote: use upstream bootspec for extension generation
2022-12-25 18:05:07 +01:00
Raito Bezarius
92e7e4f49a
lanzatool(bootspec): introduce DetSys's bootspec library
2022-12-18 00:29:49 +01:00
nikstur
614131d648
lanzatool: remove placeholder code for auto enrolling uefi keys
2022-12-10 18:11:23 +01:00
nikstur
49a8ae8aec
lanzatool: skip existing files in esp
2022-12-03 19:05:12 +01:00
Julian Stecklina
85b111aa17
initrd-stub: drop unused stub
...
This is not useful anymore, because we don't need to wrap the initrd
anymore.
2022-11-30 09:25:17 +01:00
Julian Stecklina
401c3b8c1c
lanzatool, lanzaboote: don't wrap initrd as PE
...
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
2022-11-30 09:23:42 +01:00
Julian Stecklina
1739ffde26
lanzaboote: verify hash of kernel and initrd
2022-11-30 09:22:14 +01:00
Julian Stecklina
7a15bba50b
lanzaboote: load kernel and initrd into memory only once
2022-11-30 09:22:14 +01:00
Julian Stecklina
d754a87d5c
lanzaboote: cleanup kernel/initrd opening
2022-11-30 09:22:14 +01:00
Julian Stecklina
3f78939d0a
lanzatool: embed kernel and initrd hashes
2022-11-30 09:22:14 +01:00
Julian Stecklina
ba119d398f
lanzatool: add function documentation
2022-11-30 09:22:14 +01:00
Julian Stecklina
7926ab9e5e
lanzaboote: fix clippy issues
2022-11-28 13:38:01 +01:00
nikstur
0a638970e7
lanzatool: enable specialisation
2022-11-27 12:01:53 +01:00
nikstur
98cf9e0978
lanzatool: improve --help output
2022-11-27 00:12:00 +01:00
nikstur
fffa7d6bfa
lanzatool: appease clippy
2022-11-26 23:19:08 +01:00
nikstur
0a96623461
lanzatool: bootspec from generation
...
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
nikstur
967f78d374
lanzatool: hide sbsign output on happy path
2022-11-26 15:34:48 +01:00
nikstur
c441f5157e
lanzatool: sign and copy in one step
2022-11-26 15:32:43 +01:00
nikstur
240c80368f
lanzatool: make it more typedriven
2022-11-26 14:55:15 +01:00
Ryan Lahfa
95f596f4dc
lanzatool: add support for generations and correct naming of kernels a… (#12)
...
* lanzatool: add support for generations and correct naming of kernels and initrds
* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests
* lanzatool: ryan is a B class engineer
Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
Julian Stecklina
1f0f349559
lanzaboote: add error handling strings
2022-11-26 02:47:21 +01:00
Julian Stecklina
95a03d69bb
lanzaboote: reorganize to avoid explicit drops
2022-11-26 02:31:01 +01:00
Raito Bezarius
9f65f75289
feature: support initrd secrets
2022-11-26 02:01:41 +01:00
Raito Bezarius
a3150dca11
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 01:24:33 +01:00
Raito Bezarius
f6930955a3
lanzatool: sync for every sign operation
2022-11-25 23:58:06 +01:00
nikstur
a3ec2cfc15
lanzatool: add error messages
2022-11-25 23:50:11 +01:00
Julian Stecklina
c87b2a09dc
nix: fix lanzatool integration/merge mixup
2022-11-25 23:46:19 +01:00
Julian Stecklina
3779e81b20
lanzaboote: handle errors in print_logo
2022-11-25 18:14:58 +01:00
Julian Stecklina
6bc66052c2
lanzaboote: add EmbeddedConfiguration docs
2022-11-25 18:14:58 +01:00
Julian Stecklina
a9edb1488e
lanzaboote: fix logo
...
Someone forgot the E in the name.
2022-11-25 18:14:58 +01:00
nikstur
53c4e03619
merge this shit
2022-11-25 18:10:21 +01:00
Ryan Lahfa
eda254b6cd
nixpkgs: integrate the whole thing (#7)
...
* nixos: add a lanzaboote module
* nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
* nixos: actually enable sb
* nixos: disable it and adapt it
* lanzatool: fix init
* nixos: secureboot reached
* nixos: enrollment is optional
Co-authored-by: nikstur@outlook.com
2022-11-25 17:59:15 +01:00
nikstur
3a093d85ab
lanzatool: set permissions for all files in esp to 755
2022-11-25 17:47:24 +01:00
nikstur
7685ba088b
lanzatool: reuse code for signer
2022-11-25 15:46:33 +01:00
nikstur
c0391ce8d7
lanzatool: improve tempfiles and error handling in pe
2022-11-25 15:16:05 +01:00
nikstur
ad3a8ec3e5
lanzatool: make --pki-bundle optional
2022-11-25 13:08:37 +01:00
nikstur
cd2ef6181d
lanzatool: improve signer code
2022-11-25 13:07:04 +01:00
Raito Bezarius
49519cb289
nixos: secureboot reached
2022-11-25 03:04:44 +01:00
nikstur
efbb28dc99
lanzatool: fix init
2022-11-24 17:14:55 +01:00
Raito Bezarius
ccdd02bf1c
nixos: add a lanzaboote module
...
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
2022-11-24 17:07:05 +01:00
nikstur
858c0befb3
lanzaboot: include init in cmdline
2022-11-24 16:51:43 +01:00
nikstur
aa86ae9e30
lanzatool: add cmdline args for keys
2022-11-24 14:12:00 +01:00
nikstur
587e388364
lanzatool: improve error handling
2022-11-24 13:33:01 +01:00
Julian Stecklina
417122e840
Merge remote-tracking branch 'origin/lanzatool-bootspec-funz'
2022-11-24 12:28:03 +01:00
nikstur
d40b9f281c
lanzatool: remove v1 key
2022-11-24 12:26:32 +01:00
Julian Stecklina
df716e17d6
Add documentation to initrd loader
2022-11-24 12:18:23 +01:00
Julian Stecklina
30b61baf38
Add documentation to initrd loader
2022-11-24 12:11:17 +01:00
nikstur
3e7f5fa625
lanzatool: implement copying sdboot to esp
2022-11-24 11:10:19 +01:00
nikstur
73b1f7e2b5
lanzatool: readd efi relative file paths
2022-11-23 20:54:13 +01:00
nikstur
46f1e84a9d
lanzatool: init wrapping initrd
2022-11-23 20:48:49 +01:00
nikstur
a65998945d
lanzatool: implement relative esp paths
2022-11-23 18:15:32 +01:00
Julian Stecklina
dcca50d14f
Refactor embedded config extraction
2022-11-23 17:57:43 +01:00
Julian Stecklina
fa331d8b98
Fix section extraction
2022-11-23 17:57:23 +01:00
nikstur
24803a04a2
lanzatool: copy image to esp output dir
2022-11-23 17:26:56 +01:00
nikstur
5dbb8e7452
lanzatool: detrashify
2022-11-23 17:16:08 +01:00
Julian Stecklina
de451fa5af
Merge remote-tracking branch 'origin/lanzatool-install'
2022-11-23 15:49:38 +01:00
nikstur
c4734d11fc
lanzatool.crypto: remove
2022-11-23 15:49:02 +01:00
Julian Stecklina
4dab5f7b8f
Extract Linux kernel and initrd filenames from PE binary
2022-11-23 15:46:25 +01:00
Julian Stecklina
788a112050
Merge pull request #6 from blitz/lanzatool-install
...
lanzatool.install: init
2022-11-23 15:46:12 +01:00
nikstur
27044f6bdf
lanzatool.crypto: remove
2022-11-23 15:44:19 +01:00
nikstur
4356d342a2
lanzatool.install: init
2022-11-23 15:26:26 +01:00
Julian Stecklina
1ca83c25d5
Remove some unwraps
2022-11-23 14:11:54 +01:00
Julian Stecklina
8559bf664e
Add a disclaimer about the current security status
2022-11-23 14:11:24 +01:00
Julian Stecklina
fe3d4015ba
Perform load_image on initrd to hopefully verify signatures
2022-11-23 14:03:53 +01:00
Julian Stecklina
568fe1d499
Unwrap initrd from PE image for Linux
2022-11-23 13:51:07 +01:00
Julian Stecklina
9567fa7f0e
Build tiny empty PE image as initrd carrier
2022-11-23 13:00:55 +01:00
Julian Stecklina
e6953037e7
Fix clippy warnings
2022-11-23 12:13:45 +01:00
Julian Stecklina
5a6c05cf11
Pass on command line from UKI to Linux kernel
2022-11-23 12:11:20 +01:00
Julian Stecklina
8f2f11aa1b
Move loaded_image implementation to helpers module
2022-11-23 11:29:40 +01:00
Julian Stecklina
8f58633d84
Remove unsafe LoadedImage protocol invocation
2022-11-23 11:20:51 +01:00
Julian Stecklina
5e7bdfd5b5
Pass initrd to Linux
2022-11-23 00:53:00 +01:00
Julian Stecklina
ee861e2fc0
Install initrd loading protocol
2022-11-23 00:53:00 +01:00
Julian Stecklina
23d8929546
Create uefi helpers module
2022-11-22 16:24:09 +01:00
Julian Stecklina
76e7635de8
Move PE parsing into its own module
2022-11-22 16:18:12 +01:00
Julian Stecklina
9aab0d27da
Make it smaller
2022-11-22 15:53:24 +01:00
Julian Stecklina
4e8fbd42cd
Regenerate lock file
2022-11-22 11:50:13 +01:00
Julian Stecklina
d90fac9eef
Open current image
2022-11-22 11:50:05 +01:00
Raito Bezarius
c7ca236941
lanzaboote: remove unused imports
2022-11-22 10:34:14 +01:00
Raito Bezarius
50b39a3b8f
lanzaboote: safe-ize root directory finding using exts feature
2022-11-22 02:24:38 +01:00
Julian Stecklina
f40199b7aa
Move Rust tools into a common directory
2022-11-22 01:53:40 +01:00
Julian Stecklina
381f73e0a6
Boot a Linux kernel
2022-11-22 01:39:05 +01:00
Julian Stecklina
3990557849
Factor out file reading
2022-11-22 01:13:41 +01:00
Julian Stecklina
172b341a4c
Simplify code that finds the root directory
2022-11-22 01:00:36 +01:00
Julian Stecklina
6e13511b4d
Add code that reads a file from the ESP
2022-11-21 17:52:06 +01:00
Julian Stecklina
4970dafdbf
Add logo
2022-11-21 16:22:44 +01:00
Julian Stecklina
0c013e77a7
Add crypto library
2022-11-21 16:03:58 +01:00
Julian Stecklina
b10ee4d0d6
Make systemd boot the EFI binary
2022-11-21 15:36:39 +01:00
Julian Stecklina
cd39fd3a6b
Initial import of Rust files
2022-11-21 12:31:23 +01:00