nikstur
efa2410292
treewide: move uefi-keys into test fixtures
...
To clean up the repository move the uefi keys (`pki/`) to
`nix/tests/fixtures/uefi-keys`.
2023-01-26 01:18:41 +01:00
nikstur
cc169689f3
tool: smarter systemd-boot install
...
The process of installing systemd-boot is "smarter" because it now
considers a a few conditions instead of doing nothing if there is a file
at the deistination path. systemd-boot is now forcibly installed (i.e.
overwriting any file at the destination) if (1) there is no file at the
destination, OR (2) a newer version of systemd-boot is available, OR (3)
the signature of the file at the destination could not be verified.
2023-01-25 22:21:14 +01:00
Julian Stecklina
dd499f6642
treewide: fix typos
2023-01-21 10:27:34 +01:00
nikstur
5bb33f3389
treewide: simplify subproject names
...
Lanzatool is renamed to 'tool' and lanzaboote is renamed to 'stub'.
The name of the lanzatool binary is now 'lzbt' standing for
LanZaBooteTool.
2023-01-17 21:31:14 +01:00
nikstur
4f44cb70a2
lanzatool: generate custom os-release
2023-01-06 21:27:51 +01:00
nikstur
eca0ea67fe
lanzabooteModule: implement configuration limit
2023-01-02 00:05:21 +01:00
nikstur
7d5ac15cbb
nix.tests: move from flake
2022-12-25 18:49:28 +01:00
nikstur
912c9b27a6
nix: move package and module into subdir
2022-12-25 18:38:41 +01:00
nikstur
eb9b1bbbe3
treewide: format with nixpkgs-fmt
2022-12-25 18:38:39 +01:00
Raito Bezarius
e3f6029643
nixos/lanzaboote: use upstream bootspec for extension generation
2022-12-25 18:05:07 +01:00
Julian Stecklina
30be791826
Merge pull request #24 from nix-community/remove-auto-entroll
...
Remove auto entroll leftovers
2022-12-11 14:48:27 +00:00
nikstur
36c0a13c4c
lanzaboote module: remove --pki-bundle option
2022-12-10 18:11:23 +01:00
Jörg Thalheim
c9f9f1c52a
nixos/lanzaboote: pkiBundle is not actual optional
...
the installHook needs it.
2022-12-08 21:26:17 +01:00
Julian Stecklina
28bb93c5f3
nix: switch everything to crane and drop naersk
2022-11-28 14:01:35 +01:00
nikstur
0a96623461
lanzatool: bootspec from generation
...
The bootspec is now read from each generation so that more than one
entry can be generated when calling install
2022-11-26 22:27:44 +01:00
Ryan Lahfa
95f596f4dc
lanzatool: add support for generations and correct naming of kernels a… ( #12 )
...
* lanzatool: add support for generations and correct naming of kerels and initrds
* test: use convert_to_esp(extract_bspec_attr(⋅)) for unsigned tests
* lanzatool: ryan is a B class engineer
Co-authored-by: nikstur@outlook.com
2022-11-26 03:14:21 +01:00
Raito Bezarius
9f65f75289
feature: support initrd secrets
2022-11-26 02:01:41 +01:00
Raito Bezarius
a99646bb01
nixos: enrollment is optional
2022-11-25 11:29:56 +01:00
Raito Bezarius
e75d892964
nixos: disable it and adapt it
2022-11-24 17:09:51 +01:00
Raito Bezarius
2148cb06ab
nixos: actually enable sb
2022-11-24 17:07:06 +01:00
Raito Bezarius
ccdd02bf1c
nixos: add a lanzaboote module
...
- Wire up things with Bootspec & External bootloaders
- Introduce SecureBoot keys
2022-11-24 17:07:05 +01:00
Raito Bezarius
c53477fbf5
nixos: add a lanzaboote module
2022-11-24 16:59:59 +01:00
Julian Stecklina
bcad59a20a
Move uefi-run into its own Nix file
2022-11-22 00:43:15 +01:00