Julian Stecklina
|
95a03d69bb
|
lanzaboote: reorganize to avoid explicit drops
|
2022-11-26 02:31:01 +01:00 |
Raito Bezarius
|
9f65f75289
|
feature: support initrd secrets
|
2022-11-26 02:01:41 +01:00 |
Raito Bezarius
|
a3150dca11
|
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
|
2022-11-26 01:24:33 +01:00 |
Raito Bezarius
|
f6930955a3
|
lanzatool: sync for every sign operation
|
2022-11-25 23:58:06 +01:00 |
nikstur
|
a3ec2cfc15
|
lanzatool: add error messages
|
2022-11-25 23:50:11 +01:00 |
Julian Stecklina
|
c87b2a09dc
|
nix: fix lanzatool integration/merge mixup
|
2022-11-25 23:46:19 +01:00 |
Julian Stecklina
|
3779e81b20
|
lanzaboote: handle errors in print_logo
|
2022-11-25 18:14:58 +01:00 |
Julian Stecklina
|
6bc66052c2
|
lanzaboote: add EmbeddedConfiguration docs
|
2022-11-25 18:14:58 +01:00 |
Julian Stecklina
|
a9edb1488e
|
lanzaboote: fix logo
Someone forgot the E in the name.
|
2022-11-25 18:14:58 +01:00 |
nikstur
|
53c4e03619
|
merge this shit
|
2022-11-25 18:10:21 +01:00 |
Ryan Lahfa
|
eda254b6cd
|
nixpkgs: integrate the whole thing (#7)
* nixos: add a lanzaboote module
* nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
* nixos: actually enable sb
* nixos: disable it and adapt it
* lanzatool: fix init
* nixos: secureboot reached
* nixos: enrollment is optional
Co-authored-by: nikstur@outlook.com
|
2022-11-25 17:59:15 +01:00 |
nikstur
|
3a093d85ab
|
lanzatool: set permissions for all files in esp to 755
|
2022-11-25 17:47:24 +01:00 |
nikstur
|
7685ba088b
|
lanzatool: reuse code for signer
|
2022-11-25 15:46:33 +01:00 |
nikstur
|
c0391ce8d7
|
lanzatool: improve tempfiles and error handling in pe
|
2022-11-25 15:16:05 +01:00 |
nikstur
|
ad3a8ec3e5
|
lanzatool: make --pki-bundle optional
|
2022-11-25 13:08:37 +01:00 |
nikstur
|
cd2ef6181d
|
lanzatool: improve signer code
|
2022-11-25 13:07:04 +01:00 |
Raito Bezarius
|
49519cb289
|
nixos: secureboot reached
|
2022-11-25 03:04:44 +01:00 |
nikstur
|
efbb28dc99
|
lanzatool: fix init
|
2022-11-24 17:14:55 +01:00 |
Raito Bezarius
|
ccdd02bf1c
|
nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
|
2022-11-24 17:07:05 +01:00 |
nikstur
|
858c0befb3
|
lanzaboot: include init in cmdline
|
2022-11-24 16:51:43 +01:00 |
nikstur
|
aa86ae9e30
|
lanzatool: add cmdline args for keys
|
2022-11-24 14:12:00 +01:00 |
nikstur
|
587e388364
|
lanzatool: improve error handling
|
2022-11-24 13:33:01 +01:00 |
Julian Stecklina
|
417122e840
|
Merge remote-tracking branch 'origin/lanzatool-bootspec-funz'
|
2022-11-24 12:28:03 +01:00 |
nikstur
|
d40b9f281c
|
lanzatool: remove v1 key
|
2022-11-24 12:26:32 +01:00 |
Julian Stecklina
|
df716e17d6
|
Add documentation to initrd loader
|
2022-11-24 12:18:23 +01:00 |
Julian Stecklina
|
30b61baf38
|
Add documentation to initrd loader
|
2022-11-24 12:11:17 +01:00 |
nikstur
|
3e7f5fa625
|
lanzatool: implement copying sdboot to esp
|
2022-11-24 11:10:19 +01:00 |
nikstur
|
73b1f7e2b5
|
lanzatool: readd efi relative file paths
|
2022-11-23 20:54:13 +01:00 |
nikstur
|
46f1e84a9d
|
lanzatool: init wrapping initrd
|
2022-11-23 20:48:49 +01:00 |
nikstur
|
a65998945d
|
lanzatool: implement relative esp paths
|
2022-11-23 18:15:32 +01:00 |
Julian Stecklina
|
dcca50d14f
|
Refactor embedded config extraction
|
2022-11-23 17:57:43 +01:00 |
Julian Stecklina
|
fa331d8b98
|
Fix section extraction
|
2022-11-23 17:57:23 +01:00 |
nikstur
|
24803a04a2
|
lanzatool: copy image to esp output dir
|
2022-11-23 17:26:56 +01:00 |
nikstur
|
5dbb8e7452
|
lanzatool: detrashify
|
2022-11-23 17:16:08 +01:00 |
Julian Stecklina
|
de451fa5af
|
Merge remote-tracking branch 'origin/lanzatool-install'
|
2022-11-23 15:49:38 +01:00 |
nikstur
|
c4734d11fc
|
lanzatool.crypto: remove
|
2022-11-23 15:49:02 +01:00 |
Julian Stecklina
|
4dab5f7b8f
|
Extract Linux kernel and initrd filenames from PE binary
|
2022-11-23 15:46:25 +01:00 |
Julian Stecklina
|
788a112050
|
Merge pull request #6 from blitz/lanzatool-install
lanzatool.install: init
|
2022-11-23 15:46:12 +01:00 |
nikstur
|
27044f6bdf
|
lanzatool.crypto: remove
|
2022-11-23 15:44:19 +01:00 |
nikstur
|
4356d342a2
|
lanzatool.install: init
|
2022-11-23 15:26:26 +01:00 |
Julian Stecklina
|
1ca83c25d5
|
Remove some unwraps
|
2022-11-23 14:11:54 +01:00 |
Julian Stecklina
|
8559bf664e
|
Add a disclaimer about the current security status
|
2022-11-23 14:11:24 +01:00 |
Julian Stecklina
|
fe3d4015ba
|
Perform load_image on initrd to hopefully verify signatures
|
2022-11-23 14:03:53 +01:00 |
Julian Stecklina
|
568fe1d499
|
Unwrap initrd from PE image for Linux
|
2022-11-23 13:51:07 +01:00 |
Julian Stecklina
|
9567fa7f0e
|
Build tiny empty PE image as initrd carrier
|
2022-11-23 13:00:55 +01:00 |
Julian Stecklina
|
e6953037e7
|
Fix clippy warnings
|
2022-11-23 12:13:45 +01:00 |
Julian Stecklina
|
5a6c05cf11
|
Pass on command line from UKI to Linux kernel
|
2022-11-23 12:11:20 +01:00 |
Julian Stecklina
|
8f2f11aa1b
|
Move loaded_image implementation to helpers module
|
2022-11-23 11:29:40 +01:00 |
Julian Stecklina
|
8f58633d84
|
Remove unsafe LoadedImage protocol invocation
|
2022-11-23 11:20:51 +01:00 |
Julian Stecklina
|
5e7bdfd5b5
|
Pass initrd to Linux
|
2022-11-23 00:53:00 +01:00 |