ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-20 05:28:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b0e0a91c97
heads/initrd/bin
History
Kyle Rankin 79da79a5e4
Implement Restricted Boot Mode 
Restricted Boot mode only allows booting from signed files, whether that
is signed kernels in /boot or signed ISOs on mounted USB disks. This
disables booting from abitrary USB disks as well as the forced "unsafe"
boot mode. This also disables the recovery console so you can't bypass
this mode simply by running kexec manually.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
2023-06-21 13:26:45 -04:00
..
basic-autoboot.sh Add PureBoot Basic Mode 2023-06-21 13:26:45 -04:00
cbfs-init tpm2-tools: Change sense of CONFIG_TPM to mean any TPM, not just TPM1. 2023-03-08 12:45:46 -05:00
cbfs.sh Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
config-gui.sh Implement Restricted Boot Mode 2023-06-21 13:26:45 -04:00
flash-gui.sh Implement Restricted Boot Mode 2023-06-21 13:26:45 -04:00
flash.sh Use the Librem Key as a TPM work-alike in the absence of a TPM 2023-06-14 09:58:34 -04:00
flashrom-kgpe-d16-openbmc.sh Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
generic-init Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
gpg-gui.sh Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
gpgv Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
gui-init Implement Restricted Boot Mode 2023-06-21 13:26:45 -04:00
gui-init-basic Add PureBoot Basic Mode 2023-06-21 13:26:45 -04:00
kexec-boot media-scan/usb-init: add debugging info 2023-04-17 16:17:55 -04:00
kexec-insert-key Small cosmetic/typo related changes, ccache enablement for coreboot and reduction of unseal attempts 2023-03-10 12:11:57 -05:00
kexec-iso-init kexec-iso-init: add TinyCore iso boot logic (Based on https://github.com/u-root/webboot/) 2023-04-17 16:18:22 -04:00
kexec-parse-bls Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
kexec-parse-boot kexec-parse-boot: fix isolinux iso booting 2023-04-17 16:19:08 -04:00
kexec-save-default Add PureBoot Basic Mode 2023-06-21 13:26:45 -04:00
kexec-save-key Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
kexec-seal-key Small cosmetic/typo related changes, ccache enablement for coreboot and reduction of unseal attempts 2023-03-10 12:11:57 -05:00
kexec-select-boot Add PureBoot Basic Mode 2023-06-21 13:26:45 -04:00
kexec-sign-config Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
kexec-unseal-key gui-init, kexec-unseal-key: Move PCR debugging output to DEBUG calls 2023-03-10 15:39:54 -05:00
key-init Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
media-scan Implement Restricted Boot Mode 2023-06-21 13:26:45 -04:00
mount-usb Extract enable_usb_storage() from mount-usb 2023-06-21 13:26:44 -04:00
network-init-recovery Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
oem-factory-reset oem-factory-reset: Add 'use defaults' prompt to simplify user options 2023-06-21 13:26:42 -04:00
oem-system-info-xx30 Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
poweroff poweroff, reboot: Do not use bash 2023-03-13 12:51:42 -04:00
qubes-measure-luks Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
reboot poweroff, reboot: Do not use bash 2023-03-13 12:51:42 -04:00
root-hashes-gui.sh Add Root file hash feature 2023-06-21 13:26:37 -04:00
seal-hotpkey gui-init/seal-libremkey: reduce friction when generating new secret 2023-06-14 09:58:35 -04:00
seal-totp initrd/bin/seal-totp: PCR0-4 cannot be expected to be 0 on PPC64. 2023-06-04 20:20:46 +03:00
talos-init initrd/bin/talos-init: disable fast-reset 2023-06-07 01:10:14 +03:00
tpm-reset gui-init, tpm-reset: Enforce TPM password maximum length 2023-03-13 13:34:40 -04:00
tpmr Implement Restricted Boot Mode 2023-06-21 13:26:45 -04:00
uefi-init tpm2-tools: Change sense of CONFIG_TPM to mean any TPM, not just TPM1. 2023-03-08 12:45:46 -05:00
unseal-hotp Use the Librem Key as a TPM work-alike in the absence of a TPM 2023-06-14 09:58:34 -04:00
unseal-totp seal-totp, kexec-seal-key: Use common logic for TPM1 and TPM2 2023-03-08 12:45:57 -05:00
usb-init media-scan/usb-init: add debugging info 2023-04-17 16:17:55 -04:00
wget-measure.sh Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
wipe-totp Implement Restricted Boot Mode 2023-06-21 13:26:45 -04:00
xx30-flash.init Combine t430-flash.init, x23-flash.init, fix insmod 2023-03-13 13:23:29 -04:00