| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
struct boot_status is a bit misnamed; we report status on things that
aren't just the boot status (eg, discovery).
This change refactors struct boot_status into just struct status. We
give the type enum a name, and shorten the enum values to suit.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
| |
'Console' is more readily understandable and technically more correct
than 'tty' for referring to the interfaces that Petitboot starts a UI on.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
In certain cases, such as network booting over an untrusted connection,
it may be useful to fully encrypt and sign the kernel files.
Enable fully encrypted boot using builtin keyring via the addition of
the string "ENCRYPTED" to the first line of the /etc/pb-lockdown file.
This disables detached (plaintext) signature verification.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
|
|
|
|
|
|
|
|
|
| |
Currently, once the boot() function is called, the boot process will
ignore any cancellations.
This change allows boot() to be cancelled, via boot_cancel().
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
|
|
|
|
|
|
| |
Now what we have protocol support, send status updates during the boot
process.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change switches the parsers over to populate the resources in
discover_boot_option, rather than the string parameters in boot_option.
To do this, we need a few things:
* Add struct resources to discover_boot_option for the boot_image,
initrd and icon data.
* Have the parsers populate the resources, rather than the strings.
Currently, parsers can all use the devpath resource type.
* Add a resolve_resource callback to parsers; this is how the device
handler will attempt to resolve resources.
* Change load_file to load_url, as we should be only accessing
(resolved) resources by URLs.
This then allows us to remove the mount map, and associated lookup code,
as well as the UUID and label links to devices.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|
|
This change adds a funtion, device_handler_boot, which processes the
boot command message from the discover server.
We add a new file, discover/boot.c (and a corresponding header) with a
skeleton for the final kexec code.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
|