Jörg Thalheim
c9f9f1c52a
nixos/lanzaboote: pkiBundle is not actual optional
...
the installHook needs it.
2022-12-08 21:26:17 +01:00
Jörg Thalheim
39774a6974
fix lanzaboote module import
2022-12-08 21:23:35 +01:00
Jörg Thalheim
a4ddbada50
deduplicate flakes
...
without this users end up with multiple copies of nixpkgs, which cannot
be overriden from the outside (follows only works on 1 level).
2022-12-08 20:40:40 +01:00
Ryan Lahfa
e496b60be1
Merge pull request #22 from nix-community/crane
...
Drop Naersk and Enable Clippy for lanzaboote
2022-11-29 22:42:13 +01:00
Julian Stecklina
c3e0e73b82
Merge pull request #23 from nix-community/test-sd-stage1
...
lanzaboot: test systemd stage 1
2022-11-29 21:04:50 +00:00
Raito Bezarius
f7c66b027a
lanzaboot: test systemd stage 1
2022-11-29 20:10:55 +01:00
Julian Stecklina
28bb93c5f3
nix: switch everything to crane and drop naersk
2022-11-28 14:01:35 +01:00
Julian Stecklina
7926ab9e5e
lanzaboote: fix clippy issues
2022-11-28 13:38:01 +01:00
Julian Stecklina
4fb1e0d0dd
flake.lock: Update
...
Flake lock file updates:
• Updated input 'crane':
'github:ipetkov/crane/c61d98aaea5667607a36bafe5a6fa87fe5bb2c7e' (2022-11-21)
→ 'github:ipetkov/crane/24591d5f8cc979f7b243b88a2d39da09976970ad' (2022-11-28)
• Updated input 'naersk/nixpkgs':
'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
→ 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/3ea5616c21dd186129f90a86c66352359a45cb07' (2022-11-23)
→ 'github:NixOS/nixpkgs/b45ec953794bb07922f0468152ad1ebaf8a084b3' (2022-11-27)
• Updated input 'rust-overlay':
'github:oxalica/rust-overlay/018df6d3f900fc53d567045bd86208f5c00d8956' (2022-11-24)
→ 'github:oxalica/rust-overlay/b9da8e68a08707115be750c0cf7ade33f49d8ec4' (2022-11-28)
2022-11-28 13:15:59 +01:00
nikstur
e6aa11f76c
Merge pull request #19 from blitz/specialisation
...
Lanzatool: enable specialisation
2022-11-27 18:19:59 +01:00
nikstur
0a638970e7
lanzatool: enable specialisation
2022-11-27 12:01:53 +01:00
nikstur
8e04bbf63c
Merge pull request #18 from blitz/lanzatool-cli-help
...
Lanzatool: improve --help output
2022-11-27 00:21:28 +01:00
nikstur
98cf9e0978
lanzatool: improve --help output
2022-11-27 00:12:00 +01:00
Julian Stecklina
452e558e40
Merge pull request #17 from blitz/appease-clippy
...
Lanzatool: appease clippy
2022-11-26 23:36:15 +01:00
nikstur
fffa7d6bfa
lanzatool: appease clippy
2022-11-26 23:19:08 +01:00
nikstur
f080c010e9
Merge pull request #16 from blitz/lanzatool-bootspec-from-generation
...
Lanzatool read bootspec for each generation
2022-11-26 23:13:32 +01:00
nikstur
0a96623461
lanzatool: bootspec from generation
...
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
nikstur
3c094ee5ff
flake.nix: remove some redundancies
2022-11-26 22:21:05 +01:00
nikstur
3548c1a459
Merge pull request #15 from blitz/lanzatool-sign-and-copy
...
Lanzatool sign and copy
2022-11-26 19:30:09 +01:00
Julian Stecklina
5406e69b9a
lanzatool: prepare to enable clippy
...
This still needs work.
2022-11-26 19:16:31 +01:00
Julian Stecklina
b37ffd19d6
nix: fix indentation of checks attribute
2022-11-26 19:16:31 +01:00
Julian Stecklina
85de5d52d0
nix: build lanzatool with crane
2022-11-26 19:16:31 +01:00
Julian Stecklina
4197f369a8
doc: mention aarch64 support
2022-11-26 16:22:53 +01:00
Julian Stecklina
4c0adac9df
Merge pull request #14 from blitz/lanzatool-make-it-more-typedriven
...
lanzatool: make it more typedriven
2022-11-26 16:21:02 +01:00
Julian Stecklina
f16623d713
docs: update README
2022-11-26 16:14:26 +01:00
nikstur
967f78d374
lanzatool: hide sbsign output on happy path
2022-11-26 15:34:48 +01:00
nikstur
c441f5157e
lanzatool: sign and copy in one step)
2022-11-26 15:32:43 +01:00
nikstur
240c80368f
lanzatool: make it more typedriven
2022-11-26 14:55:15 +01:00
Raito Bezarius
8a430b6578
readme: sprint end!
2022-11-26 03:24:54 +01:00
Ryan Lahfa
95f596f4dc
lanzatool: add support for generations and correct naming of kernels a… ( #12 )
...
* lanzatool: add support for generations and correct naming of kerels and initrds
* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests
* lanzatool: ryan is a B class engineer
Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
Julian Stecklina
df9716da7c
Add GPLv3 license
2022-11-26 03:12:24 +01:00
Julian Stecklina
1f0f349559
lanzaboote: add error handling strings
2022-11-26 02:47:21 +01:00
Julian Stecklina
95a03d69bb
lanzaboote: reorganize to avoid explicit drops
2022-11-26 02:31:01 +01:00
Julian Stecklina
702a38398f
nix: remove remaining cruft from flakes.nix
2022-11-26 02:26:39 +01:00
Julian Stecklina
46452f0e46
nix: drop wrapInitrd from flake.nix
2022-11-26 02:21:05 +01:00
Julian Stecklina
691da44610
nix: rename lanzatoolBin to lanzatool-unwrapped
2022-11-26 02:17:34 +01:00
Julian Stecklina
74b815512c
nix: remove qemuUefi wrapper
2022-11-26 02:17:34 +01:00
Julian Stecklina
541275acae
nix: drop the stable Rust toolchain from the environment
...
... otherwise it messes with the unstable one we use for the UEFI
code.
2022-11-26 02:17:28 +01:00
Julian Stecklina
3434433cec
Merge pull request #11 from blitz/secure-pe-assembling
...
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 02:14:32 +01:00
Raito Bezarius
9f65f75289
feature: support initrd secrets
2022-11-26 02:01:41 +01:00
Raito Bezarius
a3150dca11
lanzatool: perform secure assembling for lanzaboote_image and PE wrapping
2022-11-26 01:24:33 +01:00
Raito Bezarius
f6930955a3
lanzatool: sync for every sign operation
2022-11-25 23:58:06 +01:00
nikstur
a3ec2cfc15
lanzatool: add error messages
2022-11-25 23:50:11 +01:00
Julian Stecklina
c87b2a09dc
nix: fix lanzatool integration/merge mixup
2022-11-25 23:46:19 +01:00
Raito Bezarius
dec7c06e6b
tests: test unsigned initrd/kernel either, plus some machinery for sb tests
2022-11-25 18:42:37 +01:00
Julian Stecklina
3779e81b20
lanzaboote: handle errors in print_logo
2022-11-25 18:14:58 +01:00
Julian Stecklina
6bc66052c2
lanzaboote: add EmbeddedConfiguration docs
2022-11-25 18:14:58 +01:00
Julian Stecklina
a9edb1488e
lanzaboote: fix logo
...
Someone forget the E in the name.
2022-11-25 18:14:58 +01:00
nikstur
53c4e03619
merge this shit
2022-11-25 18:10:21 +01:00
Ryan Lahfa
eda254b6cd
nixpkgs: integrate the whole thing ( #7 )
...
* nixos: add a lanzaboote module
* nixos: add a lanzaboote module
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
* nixos: actually enable sb
* nixos: disable it and adapt it
* lanzatool: fix init
* nixos: secureboot reached
* nixos: enrollment is optional
Co-authored-by: nikstur@outlook.com
2022-11-25 17:59:15 +01:00