Issue #123: This streamline Qubes startup experience by
making it possible to have a single-password decryption.
Issue #29: The disk keys in `/secret.key` are passed to the systemd
in initramfs through `/etc/crypttab`, which is generated on each boot.
This is slow; need to look at alternate ways.
Issue #110: By using LVM instead of partitions it is now
possible to find the root filesystem in a consistent way.
Issue #80: LVM is now included in the ROM.
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).
This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154.
This also adds a set of files in the qubes/ directory that
are meant to be copied to the /boot partition.
Issue #154: for ease of upgrading Qubes, the script should
live on /boot instead of in the ROM. This requires a GPG
signature on the startup script to avoid attacks by modifying
the boot script.
Issue #123: this streamlines the boot process for Qubes, although
the disk password is still not passed in correctly to the initrd
(issue #29).
This does not address issues #110 of how to find the root device.
The best approach is probably disk labels, which will require
special installation instructions.
This addresses multiple issues:
* Issue #63: initrd is build fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now meaures modules
The .INTERMEDIATE target seemed to causing the problem with
make thinking it didn't have to descend into the sub-module
directories. Removing it allows it to work correctly.
The .INTERMEDIATE target seemed to causing the problem with
make thinking it didn't have to descend into the sub-module
directories. Removing it allows it to work correctly.