diff options
| author | tpearson@raptorengineering.com <tpearson@raptorengineering.com> | 2016-08-18 04:45:47 -0500 |
|---|---|---|
| committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2016-08-26 13:23:01 +1000 |
| commit | 86c9d34380b0074dab1ba89a569a94280d6999c4 (patch) | |
| tree | 22cf0cccbd4022d150e231adcb360b3bcf528cda /ui/common | |
| parent | 5496eee36f70631ae45403f90ed7b4dc143f27c0 (diff) | |
| download | talos-petitboot-86c9d34380b0074dab1ba89a569a94280d6999c4.tar.gz talos-petitboot-86c9d34380b0074dab1ba89a569a94280d6999c4.zip | |
Add support for GPG signature enforcement on booted
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
Diffstat (limited to 'ui/common')
| -rw-r--r-- | ui/common/discover-client.c | 1 | ||||
| -rw-r--r-- | ui/common/discover-client.h | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/ui/common/discover-client.c b/ui/common/discover-client.c index 6247dd0..5dbd99b 100644 --- a/ui/common/discover-client.c +++ b/ui/common/discover-client.c @@ -312,6 +312,7 @@ static void create_boot_command(struct boot_command *command, command->initrd_file = data->initrd; command->dtb_file = data->dtb; command->boot_args = data->args; + command->args_sig_file = data->args_sig_file; command->tty = ttyname(STDIN_FILENO); } diff --git a/ui/common/discover-client.h b/ui/common/discover-client.h index 542a275..59d2df9 100644 --- a/ui/common/discover-client.h +++ b/ui/common/discover-client.h @@ -11,6 +11,7 @@ struct pb_boot_data { char *initrd; char *dtb; char *args; + char *args_sig_file; }; /** |
