Commit Graph

520 Commits

Author SHA1 Message Date
nikstur 0a96623461 lanzatool: bootspec from generation
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
nikstur 3c094ee5ff flake.nix: remove some redundancies 2022-11-26 22:21:05 +01:00
nikstur 3548c1a459 Merge pull request #15 from blitz/lanzatool-sign-and-copy
Lanzatool sign and copy
2022-11-26 19:30:09 +01:00
Julian Stecklina 5406e69b9a lanzatool: prepare to enable clippy
This still needs work.
2022-11-26 19:16:31 +01:00
Julian Stecklina b37ffd19d6 nix: fix indentation of checks attribute 2022-11-26 19:16:31 +01:00
Julian Stecklina 85de5d52d0 nix: build lanzatool with crane 2022-11-26 19:16:31 +01:00
Julian Stecklina 4197f369a8 doc: mention aarch64 support 2022-11-26 16:22:53 +01:00
Julian Stecklina 4c0adac9df Merge pull request #14 from blitz/lanzatool-make-it-more-typedriven
lanzatool: make it more typedriven
2022-11-26 16:21:02 +01:00
Julian Stecklina f16623d713 docs: update README 2022-11-26 16:14:26 +01:00
nikstur 967f78d374 lanzatool: hide sbsign output on happy path 2022-11-26 15:34:48 +01:00
nikstur c441f5157e lanzatool: sign and copy in one step) 2022-11-26 15:32:43 +01:00
nikstur 240c80368f lanzatool: make it more typedriven 2022-11-26 14:55:15 +01:00
Raito Bezarius 8a430b6578 readme: sprint end! 2022-11-26 03:24:54 +01:00
Ryan Lahfa 95f596f4dc lanzatool: add support for generations and correct naming of kernels a… (#12)
* lanzatool: add support for generations and correct naming of kerels and initrds

* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests

* lanzatool: ryan is a B class engineer

Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
Julian Stecklina df9716da7c Add GPLv3 license 2022-11-26 03:12:24 +01:00
Julian Stecklina 1f0f349559 lanzaboote: add error handling strings 2022-11-26 02:47:21 +01:00
Julian Stecklina 95a03d69bb lanzaboote: reorganize to avoid explicit drops 2022-11-26 02:31:01 +01:00
Julian Stecklina 702a38398f nix: remove remaining cruft from flakes.nix 2022-11-26 02:26:39 +01:00
Julian Stecklina 46452f0e46 nix: drop wrapInitrd from flake.nix 2022-11-26 02:21:05 +01:00
Julian Stecklina 691da44610 nix: rename lanzatoolBin to lanzatool-unwrapped 2022-11-26 02:17:34 +01:00
Julian Stecklina 74b815512c nix: remove qemuUefi wrapper 2022-11-26 02:17:34 +01:00
Julian Stecklina 541275acae nix: drop the stable Rust toolchain from the environment
... otherwise it messes with the unstable one we use for the UEFI
code.
2022-11-26 02:17:28 +01:00
Julian Stecklina 3434433cec Merge pull request #11 from blitz/secure-pe-assembling
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 02:14:32 +01:00
Raito Bezarius 9f65f75289 feature: support initrd secrets 2022-11-26 02:01:41 +01:00
Raito Bezarius a3150dca11 lanzatool: perform secure assembling for lanzaboote_image and PE wrapping 2022-11-26 01:24:33 +01:00
Raito Bezarius f6930955a3 lanzatool: sync for every sign operation 2022-11-25 23:58:06 +01:00
nikstur a3ec2cfc15 lanzatool: add error messages 2022-11-25 23:50:11 +01:00
Julian Stecklina c87b2a09dc nix: fix lanzatool integration/merge mixup 2022-11-25 23:46:19 +01:00
Raito Bezarius dec7c06e6b tests: test unsigned initrd/kernel either, plus some machinery for sb tests 2022-11-25 18:42:37 +01:00
Julian Stecklina 3779e81b20 lanzaboote: handle errors in print_logo 2022-11-25 18:14:58 +01:00
Julian Stecklina 6bc66052c2 lanzaboote: add EmbeddedConfiguration docs 2022-11-25 18:14:58 +01:00
Julian Stecklina a9edb1488e lanzaboote: fix logo
Someone forget the E in the name.
2022-11-25 18:14:58 +01:00
nikstur 53c4e03619 merge this shit 2022-11-25 18:10:21 +01:00
Ryan Lahfa eda254b6cd nixpkgs: integrate the whole thing (#7)
* nixos: add a lanzaboote module

* nixos: add a lanzaboote module

- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys

* nixos: actually enable sb

* nixos: disable it and adapt it

* lanzatool: fix init

* nixos: secureboot reached

* nixos: enrollment is optional

Co-authored-by: nikstur@outlook.com
2022-11-25 17:59:15 +01:00
nikstur 3a093d85ab lanzatool: set permissons for all files in esp to 755 2022-11-25 17:47:24 +01:00
nikstur 91b8cb02e4 flake.nix: use nixosTest instead of importing file 2022-11-25 17:39:01 +01:00
nikstur 7685ba088b lanzatool: reuse code for signer 2022-11-25 15:46:33 +01:00
nikstur c0391ce8d7 lanzatool: improve tempfiles and error handling in pe 2022-11-25 15:16:05 +01:00
nikstur ad3a8ec3e5 lanzatool: make --pki-bundle optional 2022-11-25 13:08:37 +01:00
nikstur cd2ef6181d lanzatool: improve signer code 2022-11-25 13:07:04 +01:00
Raito Bezarius a99646bb01 nixos: enrollment is optional 2022-11-25 11:29:56 +01:00
Raito Bezarius 49519cb289 nixos: secureboot reached 2022-11-25 03:04:44 +01:00
nikstur efbb28dc99 lanzatool: fix init 2022-11-24 17:14:55 +01:00
Raito Bezarius e75d892964 nixos: disable it and adapt it 2022-11-24 17:09:51 +01:00
Raito Bezarius 2148cb06ab nixos: actually enable sb 2022-11-24 17:07:06 +01:00
Raito Bezarius ccdd02bf1c nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
2022-11-24 17:07:05 +01:00
Raito Bezarius c53477fbf5 nixos: add a lanzaboote module 2022-11-24 16:59:59 +01:00
Ryan Lahfa a089c6fb3d Merge pull request #8 from blitz/lanzatool-fix-cmdline
lanzaboot: include init in cmdline
2022-11-24 15:55:21 +00:00
nikstur 858c0befb3 lanzaboot: include init in cmdline 2022-11-24 16:51:43 +01:00
nikstur aa86ae9e30 lanzatool: add cmdline args for keys 2022-11-24 14:12:00 +01:00