401c3b8c1c
lanzatool, lanzaboote: don't wrap initrd as PE
...
... because we check its integrity using the embedded blake3 hash. So
there is no need for the LoadImage hack anymore.
2022-11-30 09:23:42 +01:00
1739ffde26
lanzaboote: verify hash of kernel and initrd
2022-11-30 09:22:14 +01:00
7a15bba50b
lanzaboote: load kernel and initrd into memory only once
2022-11-30 09:22:14 +01:00
d754a87d5c
lanzaboote: cleanup kernel/initrd opening
2022-11-30 09:22:14 +01:00
3f78939d0a
lanzatool: embed kernel and initrd hashes
2022-11-30 09:22:14 +01:00
ba119d398f
lanzatool: add function documentation
2022-11-30 09:22:14 +01:00
7926ab9e5e
lanzaboote: fix clippy issues
2022-11-28 13:38:01 +01:00
0a638970e7
lanzatool: enable specialisation
2022-11-27 12:01:53 +01:00
98cf9e0978
lanzatool: improve --help output
2022-11-27 00:12:00 +01:00
fffa7d6bfa
lanzatool: appease clippy
2022-11-26 23:19:08 +01:00
0a96623461
lanzatool: bootspec from generation
...
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
967f78d374
lanzatool: hide sbsign output on happy path
2022-11-26 15:34:48 +01:00
c441f5157e
lanzatool: sign and copy in one step)
2022-11-26 15:32:43 +01:00
240c80368f
lanzatool: make it more typedriven
2022-11-26 14:55:15 +01:00
95f596f4dc
lanzatool: add support for generations and correct naming of kernels a… ( #12 )
...
* lanzatool: add support for generations and correct naming of kerels and initrds
* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests
* lanzatool: ryan is a B class engineer
Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
1f0f349559
lanzaboote: add error handling strings
2022-11-26 02:47:21 +01:00
95a03d69bb
lanzaboote: reorganize to avoid explicit drops
2022-11-26 02:31:01 +01:00
9f65f75289
feature: support initrd secrets
2022-11-26 02:01:41 +01:00
a3150dca11
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 01:24:33 +01:00
f6930955a3
lanzatool: sync for every sign operation
2022-11-25 23:58:06 +01:00
a3ec2cfc15
lanzatool: add error messages
2022-11-25 23:50:11 +01:00
c87b2a09dc
nix: fix lanzatool integration/merge mixup
2022-11-25 23:46:19 +01:00
3779e81b20
lanzaboote: handle errors in print_logo
2022-11-25 18:14:58 +01:00
6bc66052c2
lanzaboote: add EmbeddedConfiguration docs
2022-11-25 18:14:58 +01:00
a9edb1488e
lanzaboote: fix logo
...
Someone forget the E in the name.
2022-11-25 18:14:58 +01:00
53c4e03619
merge this shit
2022-11-25 18:10:21 +01:00
eda254b6cd
nixpkgs: integrate the whole thing ( #7 )
...
* nixos: add a lanzaboote module
* nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
* nixos: actually enable sb
* nixos: disable it and adapt it
* lanzatool: fix init
* nixos: secureboot reached
* nixos: enrollment is optional
Co-authored-by: nikstur@outlook.com
2022-11-25 17:59:15 +01:00
3a093d85ab
lanzatool: set permissons for all files in esp to 755
2022-11-25 17:47:24 +01:00
7685ba088b
lanzatool: reuse code for signer
2022-11-25 15:46:33 +01:00
c0391ce8d7
lanzatool: improve tempfiles and error handling in pe
2022-11-25 15:16:05 +01:00
ad3a8ec3e5
lanzatool: make --pki-bundle optional
2022-11-25 13:08:37 +01:00
cd2ef6181d
lanzatool: improve signer code
2022-11-25 13:07:04 +01:00
49519cb289
nixos: secureboot reached
2022-11-25 03:04:44 +01:00
efbb28dc99
lanzatool: fix init
2022-11-24 17:14:55 +01:00
ccdd02bf1c
nixos: add a lanzaboote module
...
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
2022-11-24 17:07:05 +01:00
858c0befb3
lanzaboot: include init in cmdline
2022-11-24 16:51:43 +01:00
aa86ae9e30
lanzatool: add cmdline args for keys
2022-11-24 14:12:00 +01:00
587e388364
lanzatool: improve error handling
2022-11-24 13:33:01 +01:00
417122e840
Merge remote-tracking branch 'origin/lanzatool-bootspec-funz'
2022-11-24 12:28:03 +01:00
d40b9f281c
lanzatool: remove v1 key
2022-11-24 12:26:32 +01:00
df716e17d6
Add documentation to initrd loader
2022-11-24 12:18:23 +01:00
30b61baf38
Add documentation to initrd loader
2022-11-24 12:11:17 +01:00
3e7f5fa625
lanzatool: implement copying sdboot to esp
2022-11-24 11:10:19 +01:00
73b1f7e2b5
lanzatool: readd efi relative file paths
2022-11-23 20:54:13 +01:00
46f1e84a9d
lanzatool: init wrapping initrd
2022-11-23 20:48:49 +01:00
a65998945d
lanzatool: implement relative esp paths
2022-11-23 18:15:32 +01:00
dcca50d14f
Refactor embedded config extraction
2022-11-23 17:57:43 +01:00
fa331d8b98
Fix section extraction
2022-11-23 17:57:23 +01:00
24803a04a2
lanzatool: copy image to esp output dir
2022-11-23 17:26:56 +01:00
5dbb8e7452
lanzatool: detrashify
2022-11-23 17:16:08 +01:00
de451fa5af
Merge remote-tracking branch 'origin/lanzatool-install'
2022-11-23 15:49:38 +01:00
c4734d11fc
lanzatool.crypto: remove
2022-11-23 15:49:02 +01:00
4dab5f7b8f
Extract Linux kernel and initrd filenames from PE binary
2022-11-23 15:46:25 +01:00
788a112050
Merge pull request #6 from blitz/lanzatool-install
...
lanzatool.install: init
2022-11-23 15:46:12 +01:00
27044f6bdf
lanzatool.crypto: remove
2022-11-23 15:44:19 +01:00
4356d342a2
lanzatool.install: init
2022-11-23 15:26:26 +01:00
1ca83c25d5
Remove some unwraps
2022-11-23 14:11:54 +01:00
8559bf664e
Add a disclaimer about the current security status
2022-11-23 14:11:24 +01:00
fe3d4015ba
Perform load_image on initrd to hopefully verify signatures
2022-11-23 14:03:53 +01:00
568fe1d499
Unwrap initrd from PE image for Linux
2022-11-23 13:51:07 +01:00
9567fa7f0e
Build tiny empty PE image as initrd carrier
2022-11-23 13:00:55 +01:00
e6953037e7
Fix clippy warnings
2022-11-23 12:13:45 +01:00
5a6c05cf11
Pass on command line from UKI to Linux kernel
2022-11-23 12:11:20 +01:00
8f2f11aa1b
Move loaded_image implementation to helpers module
2022-11-23 11:29:40 +01:00
8f58633d84
Remove unsafe LoadedImage protocol invocation
2022-11-23 11:20:51 +01:00
5e7bdfd5b5
Pass initrd to Linux
2022-11-23 00:53:00 +01:00
ee861e2fc0
Install initrd loading protocol
2022-11-23 00:53:00 +01:00
23d8929546
Create uefi helpers module
2022-11-22 16:24:09 +01:00
76e7635de8
Move PE parsing into its own module
2022-11-22 16:18:12 +01:00
9aab0d27da
Make it smaller
2022-11-22 15:53:24 +01:00
4e8fbd42cd
Regenerate lock file
2022-11-22 11:50:13 +01:00
d90fac9eef
Open current image
2022-11-22 11:50:05 +01:00
c7ca236941
lanzaboote: remove unused imports
2022-11-22 10:34:14 +01:00
50b39a3b8f
lanzaboote: safe-ize root directory finding using exts feature
2022-11-22 02:24:38 +01:00
f40199b7aa
Move Rust tools into a common directory
2022-11-22 01:53:40 +01:00
381f73e0a6
Boot a Linux kernel
2022-11-22 01:39:05 +01:00
3990557849
Factor out file reading
2022-11-22 01:13:41 +01:00
172b341a4c
Simplify code that finds the root directory
2022-11-22 01:00:36 +01:00
6e13511b4d
Add code that reads a file from the ESP
2022-11-21 17:52:06 +01:00
4970dafdbf
Add logo
2022-11-21 16:22:44 +01:00
0c013e77a7
Add crypto library
2022-11-21 16:03:58 +01:00
b10ee4d0d6
Make systemd boot the EFI binary
2022-11-21 15:36:39 +01:00
cd39fd3a6b
Initial import of Rust files
2022-11-21 12:31:23 +01:00
Julian Stecklina