nikstur
0a96623461
lanzatool: bootspec from generation
...
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
nikstur
3c094ee5ff
flake.nix: remove some redundancies
2022-11-26 22:21:05 +01:00
nikstur
3548c1a459
Merge pull request #15 from blitz/lanzatool-sign-and-copy
...
Lanzatool sign and copy
2022-11-26 19:30:09 +01:00
Julian Stecklina
5406e69b9a
lanzatool: prepare to enable clippy
...
This still needs work.
2022-11-26 19:16:31 +01:00
Julian Stecklina
b37ffd19d6
nix: fix indentation of checks attribute
2022-11-26 19:16:31 +01:00
Julian Stecklina
85de5d52d0
nix: build lanzatool with crane
2022-11-26 19:16:31 +01:00
Julian Stecklina
4197f369a8
doc: mention aarch64 support
2022-11-26 16:22:53 +01:00
Julian Stecklina
4c0adac9df
Merge pull request #14 from blitz/lanzatool-make-it-more-typedriven
...
lanzatool: make it more typedriven
2022-11-26 16:21:02 +01:00
Julian Stecklina
f16623d713
docs: update README
2022-11-26 16:14:26 +01:00
nikstur
967f78d374
lanzatool: hide sbsign output on happy path
2022-11-26 15:34:48 +01:00
nikstur
c441f5157e
lanzatool: sign and copy in one step)
2022-11-26 15:32:43 +01:00
nikstur
240c80368f
lanzatool: make it more typedriven
2022-11-26 14:55:15 +01:00
Raito Bezarius
8a430b6578
readme: sprint end!
2022-11-26 03:24:54 +01:00
Ryan Lahfa
95f596f4dc
lanzatool: add support for generations and correct naming of kernels a… ( #12 )
...
* lanzatool: add support for generations and correct naming of kerels and initrds
* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests
* lanzatool: ryan is a B class engineer
Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
Julian Stecklina
df9716da7c
Add GPLv3 license
2022-11-26 03:12:24 +01:00
Julian Stecklina
1f0f349559
lanzaboote: add error handling strings
2022-11-26 02:47:21 +01:00
Julian Stecklina
95a03d69bb
lanzaboote: reorganize to avoid explicit drops
2022-11-26 02:31:01 +01:00
Julian Stecklina
702a38398f
nix: remove remaining cruft from flakes.nix
2022-11-26 02:26:39 +01:00
Julian Stecklina
46452f0e46
nix: drop wrapInitrd from flake.nix
2022-11-26 02:21:05 +01:00
Julian Stecklina
691da44610
nix: rename lanzatoolBin to lanzatool-unwrapped
2022-11-26 02:17:34 +01:00
Julian Stecklina
74b815512c
nix: remove qemuUefi wrapper
2022-11-26 02:17:34 +01:00
Julian Stecklina
541275acae
nix: drop the stable Rust toolchain from the environment
...
... otherwise it messes with the unstable one we use for the UEFI
code.
2022-11-26 02:17:28 +01:00
Julian Stecklina
3434433cec
Merge pull request #11 from blitz/secure-pe-assembling
...
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 02:14:32 +01:00
Raito Bezarius
9f65f75289
feature: support initrd secrets
2022-11-26 02:01:41 +01:00
Raito Bezarius
a3150dca11
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 01:24:33 +01:00
Raito Bezarius
f6930955a3
lanzatool: sync for every sign operation
2022-11-25 23:58:06 +01:00
nikstur
a3ec2cfc15
lanzatool: add error messages
2022-11-25 23:50:11 +01:00
Julian Stecklina
c87b2a09dc
nix: fix lanzatool integration/merge mixup
2022-11-25 23:46:19 +01:00
Raito Bezarius
dec7c06e6b
tests: test unsigned initrd/kernel either, plus some machinery for sb tests
2022-11-25 18:42:37 +01:00
Julian Stecklina
3779e81b20
lanzaboote: handle errors in print_logo
2022-11-25 18:14:58 +01:00
Julian Stecklina
6bc66052c2
lanzaboote: add EmbeddedConfiguration docs
2022-11-25 18:14:58 +01:00
Julian Stecklina
a9edb1488e
lanzaboote: fix logo
...
Someone forget the E in the name.
2022-11-25 18:14:58 +01:00
nikstur
53c4e03619
merge this shit
2022-11-25 18:10:21 +01:00
Ryan Lahfa
eda254b6cd
nixpkgs: integrate the whole thing ( #7 )
...
* nixos: add a lanzaboote module
* nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
* nixos: actually enable sb
* nixos: disable it and adapt it
* lanzatool: fix init
* nixos: secureboot reached
* nixos: enrollment is optional
Co-authored-by: nikstur@outlook.com
2022-11-25 17:59:15 +01:00
nikstur
3a093d85ab
lanzatool: set permissons for all files in esp to 755
2022-11-25 17:47:24 +01:00
nikstur
91b8cb02e4
flake.nix: use nixosTest instead of importing file
2022-11-25 17:39:01 +01:00
nikstur
7685ba088b
lanzatool: reuse code for signer
2022-11-25 15:46:33 +01:00
nikstur
c0391ce8d7
lanzatool: improve tempfiles and error handling in pe
2022-11-25 15:16:05 +01:00
nikstur
ad3a8ec3e5
lanzatool: make --pki-bundle optional
2022-11-25 13:08:37 +01:00
nikstur
cd2ef6181d
lanzatool: improve signer code
2022-11-25 13:07:04 +01:00
Raito Bezarius
a99646bb01
nixos: enrollment is optional
2022-11-25 11:29:56 +01:00
Raito Bezarius
49519cb289
nixos: secureboot reached
2022-11-25 03:04:44 +01:00
nikstur
efbb28dc99
lanzatool: fix init
2022-11-24 17:14:55 +01:00
Raito Bezarius
e75d892964
nixos: disable it and adapt it
2022-11-24 17:09:51 +01:00
Raito Bezarius
2148cb06ab
nixos: actually enable sb
2022-11-24 17:07:06 +01:00
Raito Bezarius
ccdd02bf1c
nixos: add a lanzaboote module
...
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
2022-11-24 17:07:05 +01:00
Raito Bezarius
c53477fbf5
nixos: add a lanzaboote module
2022-11-24 16:59:59 +01:00
Ryan Lahfa
a089c6fb3d
Merge pull request #8 from blitz/lanzatool-fix-cmdline
...
lanzaboot: include init in cmdline
2022-11-24 15:55:21 +00:00
nikstur
858c0befb3
lanzaboot: include init in cmdline
2022-11-24 16:51:43 +01:00
nikstur
aa86ae9e30
lanzatool: add cmdline args for keys
2022-11-24 14:12:00 +01:00