Commit Graph

28 Commits

Author SHA1 Message Date
Julian Stecklina 5de0b3e54a stub: rename sections for UKI compatibility
systemd 255 is stricter in what it considers UKIs. It demands .linux
and .initrd sections. Rename our sections that contain the respective
filenames to match these names.
2024-02-10 20:53:15 +01:00
renovate[bot] bbab50ddcd
chore(deps): lock file maintenance 2024-02-05 03:39:38 +00:00
renovate[bot] 80c7644582
chore(deps): lock file maintenance 2024-01-22 03:54:59 +00:00
nikstur 7b5a91408f
Revert "chore(deps): lock file maintenance" 2024-01-22 01:29:19 +01:00
nikstur 7ba84c0857
Merge pull request #289 from nix-community/renovate/lock-file-maintenance
chore(deps): lock file maintenance
2024-01-22 00:27:20 +00:00
renovate[bot] 57e329ffde
chore(deps): lock file maintenance 2024-01-22 00:20:31 +00:00
renovate[bot] 82898a7c31
fix(deps): update all dependencies 2024-01-22 00:19:38 +00:00
nikstur 234e4da1f3 rust-toolchain: 1.70 -> 1.75 2024-01-21 15:29:42 +01:00
renovate[bot] 78680cc51d
chore(deps): lock file maintenance 2024-01-15 10:18:29 +00:00
Julian Stecklina 8e0d422697 stub: remove nondeterminism in binary
The linker embeds a timestamp into our UEFI stub. objdump -p
reports:

Time/Date               Mon Nov 13 20:02:35 2023

With /Brepro we get the following instead:

Time/Date		d597e888	(This is a reproducible build file hash, not a timestamp)

Fixes #260
2023-11-14 10:31:54 +01:00
renovate[bot] 752d2d4347
fix(deps): update all dependencies 2023-11-13 01:34:32 +00:00
renovate[bot] ceb19c0732
chore(deps): lock file maintenance 2023-11-08 11:02:15 +00:00
renovate[bot] e94d982208
chore(deps): lock file maintenance 2023-10-30 00:14:36 +00:00
Philipp Schuster b7f68a50e6 linux_loader: improve code quality
`Option<&T>` has the same ABI layout as `*const T`, so we have some room for
improvement where we get more Rust convenience. Further, a bug is fixed where
INVALID_PARAMETER wasn't returned when the BUFFER_SIZE pointer is NULL.

See UEFI 2.10 13.2.2. EFI_LOAD_FILE2_PROTOCOL.LoadFile() for reference.
2023-10-24 13:23:30 +02:00
renovate[bot] e0511f43e7
chore(deps): lock file maintenance 2023-10-23 00:26:27 +00:00
renovate[bot] 853c81eef2
chore(deps): lock file maintenance 2023-10-19 20:29:32 +00:00
Julian Stecklina 778e21733b
Merge pull request #196 from nix-community/renovate/all
fix(deps): update all dependencies
2023-10-16 09:03:22 +00:00
Julian Stecklina bb5b2de545 stub: pin goblin (again)
... because of #237. Now renovate should ignore this.
2023-10-16 10:53:56 +02:00
Julian Stecklina 01b62a1c21
Merge branch 'master' into insecure-boot 2023-10-16 10:28:28 +02:00
renovate[bot] eabbae0e0c
fix(deps): update all dependencies 2023-10-16 01:54:44 +00:00
Alois Wohlschlager b02a7e2a7f
stub: use command line from loader in insecure mode
When booting without Secure Boot active, it is not necessary to defend
against a malicious command line being passed from the loader. So just
use it in this case, to facilitate some debugging and recovery use
cases.

Fixes: https://github.com/nix-community/lanzaboote/issues/226
2023-10-15 16:04:30 +02:00
Alois Wohlschlager db39223a7c
stub: make handling of insecure boot more explicit
When Secure Boot is not available (unsupported or disabled), Lanzaboote
will attempt to boot kernels and initrds even when they fail the hash
verification. Previously, this would happen by falling back to use
LoadImage on the kernel, which fails if Secure Boot is available, as the
kernel is not signed.
The SecureBoot variable offers a more explicit way of checking whether
Secure Boot is available. If the firmware supports Secure Boot, it
initializes this variable to 1 if it is enabled, and to 0 if it is
disabled. Applications are not supposed to modify this variable, and in
particular, since only trusted applications are loaded when Secure Boot
is active, we can assume it is never changed to 0 or deleted if Secure
Boot is active.
Hence, we can be sure of Secure Boot being inactive if this variable is
absent or set to 0, and thus treat all hash verification errors as
non-fatal and proceed to boot arbitrary kernels and initrds (a warning
is still logged in this case). In all other cases, we treat all hash
verification failures as fatal security violations, as it must be done
in the case where Secure Boot is active (it is expected that this does
not lead to any false positives in practice, unless there are bigger
problems anyway).
2023-10-15 15:58:01 +02:00
Julian Stecklina c56ad52b18 stub: pin to current goblin version
goblin 0.7.1 introduces certification support for PE files. This seems to be broken, because we get:

Parsing PE failed Malformed entity: Unable to extract certificate. Probably cert_size:1599360838 is malformed!

from goblin when trying to parse our PE file in memory.

See #237 for context.
2023-10-15 15:40:57 +02:00
Julian Stecklina 17cadf6598 stub: update to latest uefi crates 2023-10-12 12:12:34 +02:00
Raito Bezarius 18771d30f4 lanzaboote: add aarch64-unknown-efi target 2023-09-14 16:35:53 +02:00
nikstur 3dab5531b1 stub: remove TPM 1 support
TPM 1 will not be supported by newer systemd versions and is not widely
available anyways.
2023-09-14 15:04:53 +02:00
Raito Bezarius 8029449cba tool: split systemd into a new crate and make tool into a lib-only crate
This is necessary to make integration testing specific to the backend.
2023-09-14 11:55:09 +02:00
nikstur 83f4376929 uefi: move uefi code to separate workspace 2023-09-13 17:46:05 +02:00