Commit Graph

20 Commits

Author SHA1 Message Date
Trammell Hudson
b550a7f967
rework startup scripts to combine totp prompt with boot mode selection (issue #221) 2017-07-18 13:44:02 -04:00
Trammell Hudson
86f3e9f5dc
add /boot and /media to /etc/fstab on startup (issue #220) 2017-07-17 12:22:48 -04:00
Francis Lam
efd662c63a
adds a USB boot option with basic parsing to kexec
Supports booting from USB media using either the root device or
a signed ISO as the boot device.  Boot options are parsed with
quick/dirty shell scripts to infer kexec params.

Closes #195 and begins to address #196
2017-04-29 13:40:34 -04:00
Trammell Hudson
7f600072ad
pass -ic option to tpm extend (issue #198) 2017-04-23 16:12:08 -04:00
Trammell Hudson
353a0efe6f
Rework /init and qubes setup scripts (issue #27, #155, #32, #29, #110)
This adds support for seamless booting of Qubes with a TPM disk key,
as well as signing of qubes files in /boot with a Yubikey.

The signed hashes also includes a TPM counter, which is incremented
when new hashes are signed.  This prevents rollback attacks against
the /boot filesystem.

The TPMTOTP value is presented to the user at the time of entering
the disk encryption keys.  Hitting enter will generate a new code.

The LUKS headers are included in the TPM sealing of the disk
encryption keys.
2017-04-12 06:57:58 -04:00
Trammell Hudson
1744612df6
mount only takes one filesystem 2017-04-10 13:11:19 -04:00
Trammell Hudson
4c982856a3
add /etc/fstab and /etc/mtab to initrd image 2017-04-10 12:59:24 -04:00
Trammell Hudson
f99944abe5
qubes init script and improved TPM disk encryption with LUKS headers (issue #123 and #6) 2017-04-01 23:02:00 -04:00
Trammell Hudson
d06ba0a851
reset $boot_option between loops 2017-04-01 22:25:16 -04:00
Trammell Hudson
c40748aa25
Build time configuration for startup scripts and modules.
This addresses multiple issues:

* Issue #63: initrd is build fresh each time, so tracked files do not matter.
* Issue #144: build time configuration
* Issue #123: allows us to customize the startup experience
* Issue #122: manual start-xen will go away
* Issue #25: tpmtotp PCRs are updated after reading the secret
* Issue #16: insmod now meaures modules
2017-03-31 11:18:46 -04:00
Trammell Hudson
cfd549097f
disable dhcp, since there are no networking modules loaded 2017-03-30 17:21:22 -04:00
Trammell Hudson
8589370708
Flash writing from userspace works (issue #17).
Reduce the size of flashrom by commenting out most flash chips,
boards and programmers.

Wrapper script to make it easier to rewrite the ROM on the x230
using the flashrom layout.

Keep the entire 12 MB ROM for flashing.
2017-03-30 17:12:22 -04:00
Trammell Hudson
b0d2d4b5ba
run dhcp automatically on boot 2017-03-27 18:03:09 -04:00
Trammell Hudson
f39dfd321d
enable dhcp and add helper script for lease setup 2017-03-27 15:56:10 -04:00
Trammell Hudson
9311428082
add /sbin paths 2016-10-26 15:11:12 -04:00
Trammell Hudson
9a85bc22d9
use the new tpmtotp shell scripts 2016-09-09 17:24:52 -04:00
Trammell Hudson
8a32fb4ac3
warn if there is no totp file 2016-08-14 16:00:34 -04:00
Trammell Hudson
b3786d256a
tpmtotp and qrencode deps 2016-07-31 22:39:07 -04:00
Trammell Hudson
2471e15109
cleanup initrd, improve population of lib directories, remove some extra drivers, add notes on /dev 2016-07-28 00:08:33 -04:00
Trammell Hudson
a6d9902a2d
started on automated build process 2016-07-25 10:08:53 -04:00