authortpearson@raptorengineering.com <tpearson@raptorengineering.com>2016-08-18 04:46:47 -0500
committerSamuel Mendoza-Jonas <sam@mendozajonas.com>2016-08-26 13:23:01 +1000
commitccb478ac2e5b1e24ebb6af4130fdd37e1b36babb (patch)
tree3d6846ae2b791ab11f3d5069f9097199f34cf529 /discover/boot.h
parentf5dab0206a3baca73895a587583ddfa402f8f569 (diff)
Add encrypted file support
In certain cases, such as network booting over an untrusted connection, it may be useful to fully encrypt and sign the kernel files. Enable fully encrypted boot using builtin keyring via the addition of the string "ENCRYPTED" to the first line of the /etc/pb-lockdown file. This disables detached (plaintext) signature verification. Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com> Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Diffstat (limited to 'discover/boot.h')
-rw-r--r--discover/boot.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/discover/boot.h b/discover/boot.h
index 2190495..2d99b7f 100644
--- a/discover/boot.h
+++ b/discover/boot.h
@@ -32,6 +32,7 @@ struct boot_task {
bool dry_run;
bool cancelled;
bool verify_signature;
+ bool decrypt_files;
struct load_url_result *image_signature;
struct load_url_result *initrd_signature;
struct load_url_result *dtb_signature;
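Review bot: The new `decrypt_files` flag sits directly beside `verify_signature` with no comment on how the two interact, although the commit message says encrypted mode disables detached signature verification. From the header alone a reader cannot tell whether both flags may be set at once, or whether the `*_signature` members are still loaded when `decrypt_files` is true. I would add a comment above the field along the lines of `/* decrypt_files: boot files are encrypted and signed; they are decrypted and checked against the builtin keyring, and detached *_signature files are not used */`. The code that sets and consumes the flag is outside this hunk, so confirm the wording against it, in particular that a file which decrypts but carries no valid signature is rejected rather than booted. struct boot_task starts before the hunk.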
@@ -43,6 +44,7 @@ struct boot_task {
};
enum {
+ KEXEC_LOAD_DECRYPTION_FALURE = 252,
KEXEC_LOAD_SIG_SETUP_INVALID = 253,
KEXEC_LOAD_SIGNATURE_FAILURE = 254,
};
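Review bot: `KEXEC_LOAD_DECRYPTION_FALURE` is misspelled (FALURE instead of FAILURE), unlike its neighbour `KEXEC_LOAD_SIGNATURE_FAILURE`. Because this is a new constant in a shared header, the typo will be copied into every caller and into any log search or tooling that greps for the name, so it is cheapest to fix now: `KEXEC_LOAD_DECRYPTION_FAILURE = 252,`. The anonymous enum also has no comment saying what the values 252 to 254 represent; they look like status codes from the kexec load step, but that is not visible in this hunk. A one-line comment stating where they are produced and that they must not collide with other statuses would help anyone triaging a failed secure boot.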