ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-19 13:07:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
533 Commits 27 Branches 6 Tags 21 MiB
1b8ac07a58
Commit Graph

533 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Trammell Hudson
782d4cdc7b
signing of files is now possible on the laptop 2017-04-12 07:04:25 -04:00
Trammell Hudson
353a0efe6f
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110) 
This adds support for seamless booting of Qubes with a TPM disk key,
as well as signing of qubes files in /boot with a Yubikey.

The signed hashes also includes a TPM counter, which is incremented
when new hashes are signed.  This prevents rollback attacks against
the /boot filesystem.

The TPMTOTP value is presented to the user at the time of entering
the disk encryption keys.  Hitting enter will generate a new code.

The LUKS headers are included in the TPM sealing of the disk
encryption keys.
 2017-04-12 06:57:58 -04:00
Trammell Hudson
8464227aa1
use the external functions (issue #161) 2017-04-12 06:57:26 -04:00
Trammell Hudson
8d2d6ad6c3
helper to install qubes from the recovery shell (issue #27) 2017-04-12 06:55:22 -04:00
Trammell Hudson
6a734208b0
try creating NVRAM entry before prompting for owner password (issue #151) 2017-04-12 06:53:54 -04:00
Trammell Hudson
fa8c3abe98
put board configuration file into /etc/config 2017-04-12 06:52:35 -04:00
Trammell Hudson
122bacab37
use xen.gz since we have zlib support in kexec again (issue #170) 2017-04-12 06:50:57 -04:00
Trammell Hudson
84f1d0af39
copy file and compute sha256 before flashing 2017-04-12 06:50:18 -04:00
Trammell Hudson
7a9ab72144
import the seal/unseal totp scripts since they are very specialized to the heads install, skip owner password if not required (issue #151) 2017-04-12 06:49:39 -04:00
Trammell Hudson
c5c47c6b1c
common recovery shell functions (issue #161) 2017-04-12 06:48:38 -04:00
Trammell Hudson
d73c92e63f
quiet down the boot process 2017-04-12 06:46:55 -04:00
Trammell Hudson
da9bde721c
add some color 2017-04-12 06:46:24 -04:00
Trammell Hudson
ea9b2c0da0
helper to do a forcible TPM reset (issue #27) 2017-04-12 06:45:15 -04:00
Trammell Hudson
8c57ac59e7
x230-flash configuration and initialization 2017-04-11 07:16:20 -04:00
Trammell Hudson
51ecbdc8cb
"$@" does not expand correctly in test expressions, use "$*" instead (issue #181) 2017-04-11 06:31:25 -04:00
Trammell Hudson
c19193d7c6
check for TPM program and device before loading modules (issue #181) 2017-04-10 17:48:52 -04:00
Trammell Hudson
b6eaa5c295
remember to add /dev to /etc/fstab 2017-04-10 17:48:20 -04:00
Trammell Hudson
1744612df6
mount only takes one filesystem 2017-04-10 13:11:19 -04:00
Trammell Hudson
4c982856a3
add /etc/fstab and /etc/mtab to initrd image 2017-04-10 12:59:24 -04:00
Trammell Hudson
85f0586615
build xen for the qemu image so that we can test kexec 2017-04-10 12:59:07 -04:00
Trammell Hudson
4eab928339
Merge branch 'flammit-master' 2017-04-09 17:50:43 -04:00
Trammell Hudson
ca06e7598d Merge branch 'master' of https://github.com/flammit/heads into flammit-master 2017-04-09 17:49:36 -04:00
Francis Lam
a39a24665c
Fix coreboot build where gcc defaults to pie (issue #177) 
See 8bbd596de6
 2017-04-09 17:39:23 -04:00
Trammell Hudson
1043517371
typo in $(CROSS_TOOLS_NOCC), building xen with system ld (issue #173) 2017-04-09 16:09:17 -04:00
Trammell Hudson
132d26de05
do two make passes to avoid concurrency errors in lvm2 (issue #175) 2017-04-09 02:49:42 -04:00
Trammell Hudson
740f197487
Linux does not need the musl-libc, just the cross compiler (issue #175) 2017-04-09 02:11:18 -04:00
Trammell Hudson
4e88d5d59c
typo in gnupg, remove the install directory on a real.clean 2017-04-09 01:38:22 -04:00
Trammell Hudson
a2b0ef878e
add real.clean target and fix DAG for parallel top-level makes (issue #175) 2017-04-08 17:46:54 -04:00
Trammell Hudson
a42aaa37c6
xen depends on musl-cross (issue #175) 2017-04-08 17:46:21 -04:00
Trammell Hudson
8c3b5877a3
add bootstrap target to build cross compilers (issue #162) 2017-04-08 15:19:26 -04:00
Trammell Hudson
46a2ae8c2b
disable more unnecessary LVM components 2017-04-08 14:30:50 -04:00
Trammell Hudson
07eb5e9717
Define $(CROSS_TOOLS) to ensure reproducible builds (issue #173) 
Each of the submodule configuration files defined a subset of the
cross compiler tools that it used and many were picking up the
system `ar`, `nm`, `strip, `ld`, etc.  They all now use a `Makefile`
macro that defines the path to the proper cross compiler tools.

For ones that need the tools, but not the musl-libc gcc,
there is $(CROSS_TOOLS_NOCC) that is all of them without gcc.
This is for musl-libc itself, as well as xen and the Linux kernel.
 2017-04-08 13:23:34 -04:00
Trammell Hudson
ae6bed14a2
lvm Makefile was defining $(STRIP) (issue #174) 2017-04-08 13:21:14 -04:00
Trammell Hudson
c262de30a4
kexec/util/bin-to-hex needs to be HOST_CC, not LD (issue #173) 2017-04-08 13:20:40 -04:00
Trammell Hudson
9fb1f247ad
use cross compiler ar (issue #166) 2017-04-07 11:28:36 -04:00
Trammell Hudson
2b0b6f33c0
use cross compiler ar (issue #166) 2017-04-07 11:19:44 -04:00
Trammell Hudson
ea175466a0
use cross compiler ar (issue #166) 2017-04-07 10:57:19 -04:00
Trammell Hudson
8241f190ac
use cross compiler ar (issue #166) 2017-04-07 10:48:46 -04:00
Trammell Hudson
75117c0e5b
reconfigure submodules if their config files ever change (issue #172) 2017-04-07 10:34:57 -04:00
Trammell Hudson
5a0f3dc10b
use -9 instead of --extreme for reproducibility (issue #171) 2017-04-07 10:05:30 -04:00
Trammell Hudson
300b17fa25
add dropbear ssh to qubes and moc configurations (issue #169) 2017-04-07 09:53:02 -04:00
Trammell Hudson
ac74b92157
re-enable zlib and use it in kexec (issue #170) 2017-04-07 09:51:49 -04:00
Trammell Hudson
3c07e27d73
prefix should not be empty 2017-04-07 09:51:15 -04:00
Trammell Hudson
f65136c1a2
parallel crosscompiler build (issue #168) 2017-04-07 08:59:25 -04:00
Trammell Hudson
6b0013e038
use the non-musl-libc wrapped gcc (issue #167) 2017-04-06 17:28:12 -04:00
Trammell Hudson
c76a618b1e
use our cross compiler ld (issue #166) 2017-04-06 17:02:14 -04:00
Trammell Hudson
7c8f86bc52
lvm2 builds reproducibly again (issue #166) 2017-04-06 16:44:48 -04:00
Trammell Hudson
2b55d8bcf8
use our cross compiler ar, not /usr/bin/ar (issue #166) 2017-04-06 16:22:40 -04:00
Trammell Hudson
727e2fbc56
report sha256 of stages as they are built 2017-04-06 16:06:52 -04:00
Trammell Hudson
96fe3f3f09
replaced PREFIX= with DESTDIR= to make builds reproducible (issue #166) 2017-04-06 16:01:56 -04:00