heads/initrd/bin
Kyle Rankin efc49c7425
Add Root file hash feature
Currently Heads will check files in /boot for tampering before booting
into a system. It would be nice if you could use the trusted environment
within Heads and extend this to check files in / itself. This new script
adds that functionality; however, due to the length of time it takes to
perform these kinds of checks, it doesn't run automatically (yet).

This feature can be configured from the config GUI - the root device/
directories to check can be set, and it can be configured to run during
boot.

To make this a bit easier to use, I added a feature to detect whether
the hash file exists and if not, to display a more limited menu to the
user guiding them to create the initial hash file. Otherwise it will
display the date the file was last modified, which can be useful to
determine how stale it is.
2023-06-21 13:26:37 -04:00
cbfs-init tpm2-tools: Change sense of CONFIG_TPM to mean any TPM, not just TPM1. 2023-03-08 12:45:46 -05:00
cbfs.sh Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
config-gui.sh Add Root file hash feature 2023-06-21 13:26:37 -04:00
flash-gui.sh Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
flash.sh Use the Librem Key as a TPM work-alike in the absence of a TPM 2023-06-14 09:58:34 -04:00
flashrom-kgpe-d16-openbmc.sh Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
generic-init Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
gpg-gui.sh Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
gpgv Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
gui-init Add Root file hash feature 2023-06-21 13:26:37 -04:00
kexec-boot media-scan/usb-init: add debugging info 2023-04-17 16:17:55 -04:00
kexec-insert-key Small cosmetic/typo related changes, ccache enablement for coreboot and reduction of unseal attempts 2023-03-10 12:11:57 -05:00
kexec-iso-init kexec-iso-init: add TinyCore iso boot logic (Based on https://github.com/u-root/webboot/) 2023-04-17 16:18:22 -04:00
kexec-parse-bls Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
kexec-parse-boot kexec-parse-boot: fix isolinux iso booting 2023-04-17 16:19:08 -04:00
kexec-save-default ikexec-save-default: fix case when no crypttab found in initrd 2023-03-14 10:42:21 -04:00
kexec-save-key Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
kexec-seal-key Small cosmetic/typo related changes, ccache enablement for coreboot and reduction of unseal attempts 2023-03-10 12:11:57 -05:00
kexec-select-boot Add Root file hash feature 2023-06-21 13:26:37 -04:00
kexec-sign-config Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
kexec-unseal-key gui-init, kexec-unseal-key: Move PCR debugging output to DEBUG calls 2023-03-10 15:39:54 -05:00
key-init Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
media-scan media-scan/usb-init: add debugging info 2023-04-17 16:17:55 -04:00
mount-usb mount-usb: Fix word splitting in test for USB devices 2023-04-12 09:12:10 -04:00
network-init-recovery Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
oem-factory-reset oem-factory-reset: remove duplicates and add proper error redirection to file 2023-03-30 13:12:24 -04:00
oem-system-info-xx30 Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
poweroff poweroff, reboot: Do not use bash 2023-03-13 12:51:42 -04:00
qubes-measure-luks Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
reboot poweroff, reboot: Do not use bash 2023-03-13 12:51:42 -04:00
root-hashes-gui.sh Add Root file hash feature 2023-06-21 13:26:37 -04:00
seal-hotpkey gui-init/seal-libremkey: reduce friction when generating new secret 2023-06-14 09:58:35 -04:00
seal-totp initrd/bin/seal-totp: PCR0-4 cannot be expected to be 0 on PPC64. 2023-06-04 20:20:46 +03:00
talos-init initrd/bin/talos-init: disable fast-reset 2023-06-07 01:10:14 +03:00
tpm-reset gui-init, tpm-reset: Enforce TPM password maximum length 2023-03-13 13:34:40 -04:00
tpmr tpmr: Provide startsession for TPM1 and TPM2 2023-03-13 13:10:24 -04:00
uefi-init tpm2-tools: Change sense of CONFIG_TPM to mean any TPM, not just TPM1. 2023-03-08 12:45:46 -05:00
unseal-hotp Use the Librem Key as a TPM work-alike in the absence of a TPM 2023-06-14 09:58:34 -04:00
unseal-totp seal-totp, kexec-seal-key: Use common logic for TPM1 and TPM2 2023-03-08 12:45:57 -05:00
usb-init media-scan/usb-init: add debugging info 2023-04-17 16:17:55 -04:00
wget-measure.sh Add dual support for real bash and busybox's bash(ash) 2023-03-08 12:45:44 -05:00
xx30-flash.init Combine t430-flash.init, x23-flash.init, fix insmod 2023-03-13 13:23:29 -04:00