Commit Graph

15 Commits

Author SHA1 Message Date
renovate[bot] dfa6c3db1f
chore(deps): lock file maintenance 2023-03-20 01:57:17 +00:00
Julian Stecklina 7060389698 stub: add safety comment for PE parsing 2023-03-15 21:53:19 +01:00
Julian Stecklina 9c128e9ef6 stub: do not read loaded image again from ESP
... because this might not work, if we were not loaded from a file
system. It also removes the issue where we might not load the signed
image that was actually loaded.

Fixes #123
2023-03-15 00:36:50 +01:00
renovate[bot] e321ad1626
fix(deps): update all dependencies 2023-02-27 02:01:48 +00:00
Janne Heß de4c62a1bd stub: lanzatool -> lzbt 2023-02-23 09:32:28 +01:00
Julian Stecklina 90755b789f stub: use logger instead of printing manually 2023-02-21 01:32:29 +01:00
Julian Stecklina 7bde42f4a8 stub: enable logger in uefi-services 2023-02-21 01:32:29 +01:00
Julian Stecklina 3a9cd26c5e stub: update uefi dependency to 0.19.1 2023-02-21 00:50:34 +01:00
Julian Stecklina 697d0d1baa stub: drop unused ed25519-compact dependency 2023-02-21 00:35:00 +01:00
Julian Stecklina 8b00b748f2 stub: add fall back for hash mismatches when Secure Boot is off 2023-02-02 18:03:54 +01:00
Julian Stecklina 8d2ebbc6a7 stub: move linux booting into its own function 2023-02-02 18:03:54 +01:00
Alois Wohlschlager 081714cab9
Pass the built-in cmdline to the kernel
Do not pass our own cmdline on to the kernel. It may have been set by a
malicious boot loader specification entry, and could instruct the
kernel to load an arbitrary unprotected initrd (or perform some other
fun stuff). Instead, always pass the command line built into the UKI,
which is properly authenticated.
2023-01-31 18:32:13 +01:00
Alois Wohlschlager 7387c6708d
Load the kernel image ourselves
When loading something with UEFI LoadImage, signature validation is
performed. However, we verify the kernel by its hash already, and don't
want to sign it. Hence, we have to load it on our own.
2023-01-31 18:25:14 +01:00
nikstur 5bb33f3389 treewide: simplify subproject names
Lanzatool is renamed to 'tool' and lanzaboote is renamed to 'stub'.
The name of the lanzatool binary is now 'lzbt' standing for
LanZaBooteTool.
2023-01-17 21:31:14 +01:00
nikstur 2fce3c0802 treewde: simplify subproject directory names
This commit only moves the directories instead of chaning any names
inside files.
2023-01-17 21:31:14 +01:00