Changed the checking of required hashes or required rollback state
to be right before boot, allowing the user to sign/set defaults
in interactive mode.
Also cleaned up usages of recovery and fixed iso parameter
regression.
Similar to qubes-update, it will save then verify the hashes of
the kexec files. Once TOTP is verified, a normal boot will verify
that the file hashes and all the kexec params match and if
successful, boot directly to OS.
Also added a config option to require hash verification for
non-recovery boots, failing to recovery not met.
Refactored boot parsing code and applied that in local-init to
scan /boot for grub options and allow the user to unsafely boot
anything. This goes a long way to addressing #196.
Optionally the user can customize those boot parameters or enforce
arbitrary hashes on the boot device by creating and signing config
files in /boot/ or /media/ or /media/kexec_iso/ISO_FILENAME/.
Supports booting from USB media using either the root device or
a signed ISO as the boot device. Boot options are parsed with
quick/dirty shell scripts to infer kexec params.
Closes#195 and begins to address #196
Replace libuuid with util-linux libuuid (and libblkid,
although we are not using libblkid right now).
This also requires a much larger coreboot cbfs, which was
fixed as part of issue #154.
This addresses multiple issues:
* Issue #63: initrd is build fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now meaures modules
This is a step towards unifying the server and laptop config (issue #139)
and also makes it possible to later remove the USB modules from the
normal boot path.
