Commit Graph

524 Commits

Author SHA1 Message Date
Raito Bezarius 5b22893473 project: move to nixpkgs Rust infrastructure
This builds the stub and tool using `rustPlatform.buildRustPackage`
which features a stable Rust compiler, recent enough to support UEFI
targets.

In the future, it will rely on properly defined targets for UEFI in
nixpkgs.
2023-06-10 18:03:58 +02:00
Julian Stecklina 45d04a45d3
Merge pull request #193 from nix-community/renovate/all
fix(deps): update all dependencies
2023-06-05 10:31:02 +02:00
renovate[bot] 3cae2f1c63
fix(deps): update all dependencies 2023-06-05 02:00:30 +00:00
nikstur e422970c1b
Merge pull request #192 from nix-community/upgrade/uefi
stub: upgrade to uefi-rs 0.22.0
2023-06-02 14:33:17 +02:00
Raito Bezarius 88aeb61d85 stub: upgrade to uefi-rs 0.22.0
This upgrade is necessary to avoid borking boot on bad UEFI implementations.
2023-06-02 13:16:44 +02:00
nikstur da24357977
Merge pull request #182 from nix-community/fat-uki
stub: add fat variant
2023-06-01 22:43:53 +02:00
Julian Stecklina 2e62c11bab
Merge pull request #191 from nix-community/renovate/all
fix(deps): update rust crate log to 0.4.18
2023-05-29 10:45:26 +02:00
renovate[bot] f1d199d0b4
fix(deps): update rust crate log to 0.4.18 2023-05-29 01:38:08 +00:00
nikstur e9003f12e6
Merge pull request #189 from nix-community/update-state-of-upstreaming
docs: fixup stray ```
2023-05-28 00:52:36 +02:00
Raito Bezarius 72b66bfc69 docs: fixup stray ``` 2023-05-28 00:43:51 +02:00
Ryan Lahfa e5bced9852
Merge pull request #188 from nix-community/update-state-of-upstreaming
docs: update upstreaming state
2023-05-28 00:43:04 +02:00
Raito Bezarius de80330ec4 docs: update upstreaming state
We now have bootspec enabled by default for 23.05+.
2023-05-28 00:39:31 +02:00
Julian Stecklina f641dcfc8b
Merge pull request #186 from erdnaxe/docs_update
docs: add precision about dbx and OptionROMs
2023-05-27 12:14:02 +02:00
Alexandre Iooss b673e1b71f docs: add precision about dbx and OptionROMs 2023-05-25 08:57:33 +02:00
nikstur 7ecafb2947 stub: add fat variant
A compile time feature is introduced that allows to build "fat" stubs
that can be used to build "fat" UKIs. "fat" here means that the actual
kernel and initrd are embedded in the PE binary, not only the file path
and hash. This brings us one step closer to feature partiy with
systemd-stub and thus one step closer to replacing it fully. Such a
"fat" or "real" UKI is also interesting for image-based deployments of
NixOS.
2023-05-24 22:09:28 +02:00
nikstur dc52f0352d
Merge pull request #185 from nix-community/cleanup-flake
Cleanup flake
2023-05-24 10:32:41 +02:00
nikstur 740f7f9314 flake: checkInputs -> nativeCheckInputs
Use nativeCheckInputs instead of checkInputs because it is more
semantically correct even if checkInputs works with Crane.
2023-05-24 01:08:58 +02:00
nikstur 8e4de7892a flake: add proper description 2023-05-24 01:08:32 +02:00
nikstur 1f542a1eba
Merge pull request #184 from nix-community/improve-subprocess-errors
tool: improve command error messages
2023-05-24 00:44:36 +02:00
nikstur 30ddfcd2ce tool: improve command error messages 2023-05-24 00:17:11 +02:00
nikstur 36adaf5a9e
Merge pull request #181 from nix-community/renovate/all
fix(deps): update all dependencies
2023-05-22 10:11:11 +02:00
renovate[bot] 5ecd73cdac
fix(deps): update all dependencies 2023-05-22 02:56:28 +00:00
Ryan Lahfa f9681e3e23
Merge pull request #178 from nix-community/update/uefi-rs
deps: update to uefi-rs 0.21.0
2023-05-20 23:05:27 +02:00
Raito Bezarius c96299ea46 deps: update to uefi-rs 0.21.0
It simplifies our filesystem handling.
2023-05-20 23:05:15 +02:00
nikstur 3fb74cfb53
Merge pull request #179 from nix-community/update/bootspec
tool(bootspec): remove boilerplate with newest bootspec
2023-05-20 22:01:55 +02:00
Raito Bezarius 77f1279406 tool(bootspec): remove boilerplate with newest bootspec 2023-05-20 19:41:31 +02:00
nikstur 7ed294c84d
Merge pull request #180 from nix-community/sync-packages-ver
chore: sync our crates version to latest tag
2023-05-19 00:36:31 +02:00
Ryan Lahfa 3a5e15f4ac
Merge pull request #167 from nix-community/sd-stub-tpm2
feat: minimal poc for TPM measurements à la sd-stub
2023-05-18 19:16:30 +02:00
Raito Bezarius f603e0c134 tests: support TPM2 + SecureBoot tests
Test that our measurements exposes a TPM PCR index in the userspace
through efivarfs.
2023-05-18 19:06:32 +02:00
Raito Bezarius 606b9e8bab stub(tpm): Measure "UKI" (i.e. all unified sections in our stub) 2023-05-18 19:05:53 +02:00
Raito Bezarius ad28b4cd01 stub: bump crate to 0.3.0 2023-05-18 19:03:42 +02:00
Raito Bezarius 39cda9e457 tool: bump crate to 0.3.0 2023-05-18 19:03:37 +02:00
Raito Bezarius cc428efc86 flake: add cargo-release 2023-05-18 19:02:43 +02:00
Ryan Lahfa 354ec6f451
Merge pull request #177 from nix-community/rustfmt
Add rustfmt checks
2023-05-18 18:46:52 +02:00
nikstur c17650dafc flake: add rustfmt checks 2023-05-17 21:40:31 +02:00
nikstur 65dbe44999 stub: format with rustfmt 2023-05-17 21:40:03 +02:00
nikstur e37bf51ed3 stub: format with rustfmt 2023-05-17 21:39:40 +02:00
Julian Stecklina d93eebb9c6
Merge pull request #176 from nix-community/flake/update
flake.lock: Update
2023-05-17 14:44:39 +02:00
Raito Bezarius 3f80a7416f flake.lock: Update 2023-05-15 00:47:50 +02:00
Julian Stecklina 39e61a0efe
Merge pull request #175 from nix-community/renovate/all
fix(deps): update all dependencies
2023-05-08 11:15:16 +02:00
renovate[bot] 7378e06257
fix(deps): update all dependencies 2023-05-08 01:30:03 +00:00
nikstur ae49611bd6
Merge pull request #166 from nix-community/sd-stub-efi-variables
feat: minimal poc for exporting UEFI variables à la sd-boot
2023-05-05 21:32:50 +02:00
Raito Bezarius a5372db91f hotfix(stub): rust_version -> rust-version in Cargo.toml 2023-05-05 20:11:55 +02:00
Raito Bezarius 9dd9116b1e stub: export boot loader interface efivars 2023-05-05 20:11:55 +02:00
nikstur adc01887d9
Merge pull request #172 from nix-community/renovate/all
fix(deps): update all dependencies
2023-05-01 23:48:56 +02:00
renovate[bot] 008e7a65fd
fix(deps): update all dependencies 2023-05-01 02:39:28 +00:00
Ryan Lahfa 64b903ca87
Merge pull request #163 from nix-community/synthesis
feat: enable synthesis support
2023-04-29 23:07:03 +02:00
Raito Bezarius 4ef6957f88 feat: enable synthesis support
Bootspec has a mechanism called synthesis where you can synthesize
bootspecs if they are not present based on the generation link only.

This is useful for "vanilla bootspec" which does not contain any
extensions, as this is what we do right now.

If we need extensions, we can also implement our synthesis mechanism on
the top of it.

Enabling synthesis gives us the superpower to support non-bootspec
users. :-)
2023-04-29 22:55:39 +02:00
Ryan Lahfa 484b2c2fe4
Merge pull request #148 from nix-community/rfc0125-post-merge
bootspec: RFC-0125 final changes
2023-04-29 16:01:40 +02:00
Raito Bezarius d0d0b7b3a1 flake.lock: Update 2023-04-29 15:21:38 +02:00