bootspec-secureboot
Hi, I've been putting off creating my own installer for a while, not that that is particularly interesting on its own. But, it would be really neat to have a...
https://github.com/DeterminateSystems/bootspec/blob/e0394a0c805b92fb07dfeb488454f0a8dea6efb6/installer/src/secure_boot.rs#L23-L25
This is especially important in the installer, where e.g. signing information being unavailable is Not Good. I wonder if there's a "validate" function we can use with clap's derive macro...
As an initial step towards full compatibility with Microsoft keys.
Currently, we assume that the ESP is located at `/boot`, even though we attempt to auto-detect its true location using the NixOS `boot.loader.efi.efiSysMountPoint` option. It is possible that the option...
Here is a small sample:

```
+ /nix/store/y8cginvrvarrm1x1axvivynv3rnajvqp-bootspec-unreleased/bin/generator /nix/var/nix/profiles/system-10-link /nix/var/nix/profiles/system-11-link /nix/var/nix/profiles/system-12-link /nix/var/nix/profiles/system-13-link /nix/var/nix/profiles/system-14-link /nix/var/nix/profiles/system-15-link /nix/var/nix/profiles/system-16-link /nix/var/nix/profiles/system-17-link /nix/var/nix/profiles/system-18-link /nix/var/nix/profiles/system-19-link /nix/var/nix/profiles/system-1-link /nix/var/nix/profiles/system-20-link /nix/var/nix/profiles/system-21-link /nix/var/nix/profiles/system-22-link /nix/var/nix/profiles/system-23-link /nix/var/nix/profiles/system-24-link /nix/var/nix/profiles/system-25-link /nix/var/nix/profiles/system-26-link /nix/var/nix/profiles/system-27-link /nix/var/nix/profiles/system-28-link /nix/var/nix/profiles/system-29-link /nix/var/nix/profiles/system-2-link...
```
Also, there should probably be some better error handling -- would be nice if there was some way to differentiate between fatal and not-so-fatal errors. _Originally posted by @cole-h in...
Waiting for things to not be in so much flux before I dedicate time to writing documentation, so as to prevent wasting time and energy.
##### Description

This is a solution for the issue DeterminateSystems/bootspec-secureboot#250. With this fix, secureboot should be running flawlessly with newer versions of systemd-stub. Checked on my computer with nixpkgs rev...
##### Description

This enables the use of systemd's `pcrphase` units along with `systemd-measure` to lock TPM2 secrets to specific boot phases. The `pcr-test.nix` file demonstrates a LUKS volume that will...