diff options
| author | tpearson@raptorengineering.com <tpearson@raptorengineering.com> | 2016-08-18 04:45:47 -0500 |
|---|---|---|
| committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2016-08-26 13:23:01 +1000 |
| commit | 86c9d34380b0074dab1ba89a569a94280d6999c4 (patch) | |
| tree | 22cf0cccbd4022d150e231adcb360b3bcf528cda /discover/kboot-parser.c | |
| parent | 5496eee36f70631ae45403f90ed7b4dc143f27c0 (diff) | |
| download | talos-petitboot-86c9d34380b0074dab1ba89a569a94280d6999c4.tar.gz talos-petitboot-86c9d34380b0074dab1ba89a569a94280d6999c4.zip | |
Add support for GPG signature enforcement on booted
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
Diffstat (limited to 'discover/kboot-parser.c')
| -rw-r--r-- | discover/kboot-parser.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/discover/kboot-parser.c b/discover/kboot-parser.c index cebe787..f7f75e0 100644 --- a/discover/kboot-parser.c +++ b/discover/kboot-parser.c @@ -96,6 +96,12 @@ out_add: d_opt->boot_image = create_devpath_resource(d_opt, conf->dc->device, value); + char* args_sigfile_default = talloc_asprintf(d_opt, + "%s.cmdline.sig", value); + d_opt->args_sig_file = create_devpath_resource(d_opt, + conf->dc->device, args_sigfile_default); + talloc_free(args_sigfile_default); + if (root) { opt->boot_args = talloc_asprintf(opt, "root=%s %s", root, args); talloc_free(args); |
