lanzaboote

History

Alois Wohlschlager ca070a9eec tool: make stubs input-addressed The stubs on the ESP are now input-addressed, where the inputs are the system toplevel and the public key used for signature. This way, it is guaranteed that any stub at a given path will boot the desired system, even in the presence of one of the two edge-cases where it was not previously guaranteed: * The latest generation was deleted at one point, and its generation number was reused by a different system configuration. This is detected because the toplevel will change. * The secure boot signing key was rotated, so old stubs would not boot at all any more. This is detected because the public key will change. Avoiding these two cases will allow to skip reinstallation of stubs that are already in place at the correct path.	2023-10-03 22:08:10 +02:00
..
modules	nix/modules/uki: fix ukify build	2023-09-29 20:07:42 +02:00
tests	tool: make stubs input-addressed	2023-10-03 22:08:10 +02:00

Alois Wohlschlager ca070a9eec

The stubs on the ESP are now input-addressed, where the inputs are the
system toplevel and the public key used for signature. This way, it is
guaranteed that any stub at a given path will boot the desired system,
even in the presence of one of the two edge-cases where it was not
previously guaranteed:
* The latest generation was deleted at one point, and its generation
  number was reused by a different system configuration. This is
  detected because the toplevel will change.
* The secure boot signing key was rotated, so old stubs would not boot
  at all any more. This is detected because the public key will change.

Avoiding these two cases will allow to skip reinstallation of stubs that
are already in place at the correct path.

2023-10-03 22:08:10 +02:00

modules

nix/modules/uki: fix ukify build

2023-09-29 20:07:42 +02:00

tests

tool: make stubs input-addressed

2023-10-03 22:08:10 +02:00