Commit Graph

67 Commits

Author SHA1 Message Date
Julian Stecklina 95a03d69bb lanzaboote: reorganize to avoid explicit drops 2022-11-26 02:31:01 +01:00
Raito Bezarius 9f65f75289 feature: support initrd secrets 2022-11-26 02:01:41 +01:00
Raito Bezarius a3150dca11 lanzatool: perform secure assembling for lanzaboote_image and PE wrapping 2022-11-26 01:24:33 +01:00
Raito Bezarius f6930955a3 lanzatool: sync for every sign operation 2022-11-25 23:58:06 +01:00
nikstur a3ec2cfc15 lanzatool: add error messages 2022-11-25 23:50:11 +01:00
Julian Stecklina c87b2a09dc nix: fix lanzatool integration/merge mixup 2022-11-25 23:46:19 +01:00
Julian Stecklina 3779e81b20 lanzaboote: handle errors in print_logo 2022-11-25 18:14:58 +01:00
Julian Stecklina 6bc66052c2 lanzaboote: add EmbeddedConfiguration docs 2022-11-25 18:14:58 +01:00
Julian Stecklina a9edb1488e lanzaboote: fix logo
Someone forget the E in the name.
2022-11-25 18:14:58 +01:00
nikstur 53c4e03619 merge this shit 2022-11-25 18:10:21 +01:00
Ryan Lahfa eda254b6cd nixpkgs: integrate the whole thing (#7)
* nixos: add a lanzaboote module

* nixos: add a lanzaboote module

- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys

* nixos: actually enable sb

* nixos: disable it and adapt it

* lanzatool: fix init

* nixos: secureboot reached

* nixos: enrollment is optional

Co-authored-by: nikstur@outlook.com
2022-11-25 17:59:15 +01:00
nikstur 3a093d85ab lanzatool: set permissons for all files in esp to 755 2022-11-25 17:47:24 +01:00
nikstur 7685ba088b lanzatool: reuse code for signer 2022-11-25 15:46:33 +01:00
nikstur c0391ce8d7 lanzatool: improve tempfiles and error handling in pe 2022-11-25 15:16:05 +01:00
nikstur ad3a8ec3e5 lanzatool: make --pki-bundle optional 2022-11-25 13:08:37 +01:00
nikstur cd2ef6181d lanzatool: improve signer code 2022-11-25 13:07:04 +01:00
Raito Bezarius 49519cb289 nixos: secureboot reached 2022-11-25 03:04:44 +01:00
nikstur efbb28dc99 lanzatool: fix init 2022-11-24 17:14:55 +01:00
Raito Bezarius ccdd02bf1c nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
2022-11-24 17:07:05 +01:00
nikstur 858c0befb3 lanzaboot: include init in cmdline 2022-11-24 16:51:43 +01:00
nikstur aa86ae9e30 lanzatool: add cmdline args for keys 2022-11-24 14:12:00 +01:00
nikstur 587e388364 lanzatool: improve error handling 2022-11-24 13:33:01 +01:00
Julian Stecklina 417122e840 Merge remote-tracking branch 'origin/lanzatool-bootspec-funz' 2022-11-24 12:28:03 +01:00
nikstur d40b9f281c lanzatool: remove v1 key 2022-11-24 12:26:32 +01:00
Julian Stecklina df716e17d6 Add documentation to initrd loader 2022-11-24 12:18:23 +01:00
Julian Stecklina 30b61baf38 Add documentation to initrd loader 2022-11-24 12:11:17 +01:00
nikstur 3e7f5fa625 lanzatool: implement copying sdboot to esp 2022-11-24 11:10:19 +01:00
nikstur 73b1f7e2b5 lanzatool: readd efi relative file paths 2022-11-23 20:54:13 +01:00
nikstur 46f1e84a9d lanzatool: init wrapping initrd 2022-11-23 20:48:49 +01:00
nikstur a65998945d lanzatool: implement relative esp paths 2022-11-23 18:15:32 +01:00
Julian Stecklina dcca50d14f Refactor embedded config extraction 2022-11-23 17:57:43 +01:00
Julian Stecklina fa331d8b98 Fix section extraction 2022-11-23 17:57:23 +01:00
nikstur 24803a04a2 lanzatool: copy image to esp output dir 2022-11-23 17:26:56 +01:00
nikstur 5dbb8e7452 lanzatool: detrashify 2022-11-23 17:16:08 +01:00
Julian Stecklina de451fa5af Merge remote-tracking branch 'origin/lanzatool-install' 2022-11-23 15:49:38 +01:00
nikstur c4734d11fc lanzatool.crypto: remove 2022-11-23 15:49:02 +01:00
Julian Stecklina 4dab5f7b8f Extract Linux kernel and initrd filenames from PE binary 2022-11-23 15:46:25 +01:00
Julian Stecklina 788a112050 Merge pull request #6 from blitz/lanzatool-install
lanzatool.install: init
2022-11-23 15:46:12 +01:00
nikstur 27044f6bdf lanzatool.crypto: remove 2022-11-23 15:44:19 +01:00
nikstur 4356d342a2 lanzatool.install: init 2022-11-23 15:26:26 +01:00
Julian Stecklina 1ca83c25d5 Remove some unwraps 2022-11-23 14:11:54 +01:00
Julian Stecklina 8559bf664e Add a disclaimer about the current security status 2022-11-23 14:11:24 +01:00
Julian Stecklina fe3d4015ba Perform load_image on initrd to hopefully verify signatures 2022-11-23 14:03:53 +01:00
Julian Stecklina 568fe1d499 Unwrap initrd from PE image for Linux 2022-11-23 13:51:07 +01:00
Julian Stecklina 9567fa7f0e Build tiny empty PE image as initrd carrier 2022-11-23 13:00:55 +01:00
Julian Stecklina e6953037e7 Fix clippy warnings 2022-11-23 12:13:45 +01:00
Julian Stecklina 5a6c05cf11 Pass on command line from UKI to Linux kernel 2022-11-23 12:11:20 +01:00
Julian Stecklina 8f2f11aa1b Move loaded_image implementation to helpers module 2022-11-23 11:29:40 +01:00
Julian Stecklina 8f58633d84 Remove unsafe LoadedImage protocol invocation 2022-11-23 11:20:51 +01:00
Julian Stecklina 5e7bdfd5b5 Pass initrd to Linux 2022-11-23 00:53:00 +01:00