heads/initrd
Jonathon Hall 61609ff709
initrd/init: Prevent Restricted Boot bypass
The early recovery shell ("hold R") and serial recovery both could
bypass Restricted Boot since they occurred before config.user was
loaded.  Load config.user earlier before these recovery methods.

Executing a shell directly (if recovery failed) also would bypass
Restricted Boot, additionally leaking /tmp/secret.  Remove this from
the early recovery shell logic.  Also remove the final failsafe exec
and move the "just in case" recovery from normal boot here instead, in
case the regular init script fails.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-07-11 16:42:38 -04:00
.gnupg instruct gpg to use gpg-agent. 2019-01-29 11:16:13 -05:00
bin initrd/bin/flash.sh: Remove -s vestiges 2023-07-10 09:10:52 -04:00
etc Merge remote-tracking branch 'github-heads/master' into pureboot-27-heads-upstream 2023-07-05 14:32:16 -04:00
run/cryptsetup [WIP] cross build json-c and cryptsetup 2020-10-28 15:28:05 +02:00
sbin Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
.ash_history GPG2 required changes for key and trustdb generation and inclusion in rom 2019-01-29 11:18:11 -05:00
init initrd/init: Prevent Restricted Boot bypass 2023-07-11 16:42:38 -04:00
mount-boot Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00