| Commit message (Collapse) | Author | Age | Files | Lines |
Provides helper functions for reading, writing, and checking against
/etc/shadow. The main use case is for authenticating clients against the
"system" password, which is set as the root password.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Based on the powerpc param routines, adds new generic routines
to manage a name + value parameter list.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Provide methods to load/store petitboot's configuration on efi-based
platforms. A test case is also provided.
Signed-off-by: Ge Song <ge.song@hxt-semitech.com>
[Cleanup file comments, make efivarfs_path static.]
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Refactor to export a generic API rather than specific gpg_ prefixes by
changing gpg.h to security.h and renaming some of the exports.

Break out the common and specific functionality into common.c and
none.c/gpg.c/openssl.c for no/gpgme/openssl modes respectively.

gpgme should work as before.

OpenSSL support works like this:

The pb-lockdown file is a PKCS12 file or X509 certificate or PEM-encoded
raw public key. To follow the current conventions the presence of a
PKCS12 file as a lockdown signals decrypt mode because of the presence
of the private key, anything else signals signature verification mode.
The keyring path is currently ignored but in the future could be used to
point to an X509 certificate chain for validity checking. Because of
this, self-signed certificates are currently supported and really just
used as a public key container.

Signature verification mode supports:

* Cryptographic Message Syntax (CMS) as detached S/MIME, this is really
  more for consistency for the encryption mode (see below). This mode
  requires the lockdown file to be an X509 certificate.

  A sample creation command would be:

    openssl cms -sign -in (infile) -out (outfile) -binary -nocerts \
        -inkey (private key) -signer (recipient certificate)

* Raw signature digest as output from openssl dgst -sign command. This
  mode can have the lockdown file be an X509 certificate or a PEM raw
  public key but the digest algorithm must be pre-defined by the
  VERIFY_DIGEST configure argument. The default is SHA256.

  A sample creation command would be:

    openssl dgst -sign (private key) -out (outfile) -(digest mode) \
        (infile)

Decryption mode supports:

* CMS signed-envelope as attached S/MIME. This is for consistency with
  the current expectation of no external file for decryption. Some
  future enhancement could be to come up with some proprietary external
  file format containing the cipher used, the encrypted cipher key, and
  the IV (if necessary).

  A sample creation command would be:

    openssl cms -sign -in (infile) -signer (recipient certificate) \
        -binary -nocerts -nodetach -inkey (private key) | \
    openssl cms -encrypt -(cipher mode) -out (outfile) \
        (recipient certificate)

The PKCS12 file is expecting the private key to have a password of NULL or
"" as there is currently no mechanism to supply a custom one.

Signed-off-by: Brett Grandbois <brett.grandbois@opengear.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
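
The lockdown-file convention and raw-digest verification described in the commit message above, sketched with the openssl CLI. This is an added example, not petitboot code or part of the commit; the function names, fixture file names and the EC test key are assumptions.

```shell
#!/bin/sh
# Added illustration; lockdown_mode, verify_raw and make_fixtures are hypothetical names.

# PKCS12 (carries a private key) signals decrypt mode; anything else is verify mode.
lockdown_mode() {
    if openssl pkcs12 -in "$1" -noout -passin pass: >/dev/null 2>&1; then
        echo decrypt          # only an empty private-key password is supported
    elif openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo verify-x509      # usable for CMS and for raw digest signatures
    elif openssl pkey -pubin -in "$1" -noout >/dev/null 2>&1; then
        echo verify-pubkey    # raw digest signatures only
    else
        echo invalid
    fi
}

# Check a raw "openssl dgst -sign" signature against the lockdown file.
# $4 is the digest and defaults to sha256, like VERIFY_DIGEST.
# Returns 0 = valid, 1 = bad signature, 2 = lockdown file not usable for this mode.
verify_raw() {
    lockdown=$1 file=$2 sig=$3 digest=${4:-sha256}
    pub=$(mktemp) || return 2
    case $(lockdown_mode "$lockdown") in
        verify-x509)   openssl x509 -in "$lockdown" -pubkey -noout >"$pub" ;;
        verify-pubkey) cat "$lockdown" >"$pub" ;;
        *)             rm -f "$pub"; return 2 ;;
    esac
    rc=0
    openssl dgst "-$digest" -verify "$pub" -signature "$sig" "$file" \
        >/dev/null 2>&1 || rc=1
    rm -f "$pub"
    return "$rc"
}

# Constructed fixtures: EC key, self-signed cert, bare public key, PKCS12, signed file.
make_fixtures() {
    d=$1
    openssl ecparam -genkey -name prime256v1 -noout -out "$d/key.pem" 2>/dev/null &&
    openssl req -new -x509 -key "$d/key.pem" -subj "/CN=constructed" -days 1 \
        -out "$d/cert.pem" 2>/dev/null &&
    openssl pkey -in "$d/key.pem" -pubout -out "$d/pub.pem" &&
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -passout pass: -out "$d/lock.p12" &&
    printf 'constructed kernel image\n' >"$d/vmlinux" &&
    openssl dgst -sha256 -sign "$d/key.pem" -out "$d/vmlinux.sig" "$d/vmlinux"
}
```
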
Include the CCAN endian.h header in build sources and change the
--with-twin-foo options to default off - most users are not building
with libtwin so avoid having configure fail for them.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
kernels and related blobs
This can be used to implement a form of organization-controlled secure boot,
whereby kernels may be loaded from a variety of sources but they will only
boot if a valid signature file is found for each component, and only if the
signature is listed in the /etc/pb-lockdown file.
Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
(Minor build fixes and gpgme.m4, comment on secure boot in gpg.c)
libdevmapper is a hard dependency since snapshots were introduced, so
add an unconditional configure-time check for it.
Also add a check for libflash library and headers if --enable-mtd is
set.
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
Add basic libflash support to read the VERSION partition on BMC
machines. This adds a dependency on the libflash shared library from
Skiboot.
The MTD partition is accessed through the libflash helper functions.
Once read into a buffer, the VERSION partition is a simple list of
newline-terminated version strings. Some BMC platforms may have two
'sides' to flash - these are interpreted as the "current" and "other"
sides depending on which one the current Petitboot is running from.
Signed-off-by: Sam Mendoza-Jonas <sam@mendozajonas.com>
Make the strncols() helper available generally to i18n-concerned code.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Add the new autoboot_option struct, and helper functions for working
with device_type enums. device_type_name() returns exact strings as used
by platform code to read/write nvram params, so
device_type_display_name() is added for use in user-visible strings.
Signed-off-by: Samuel Mendoza-Jonas <sam.mj@au1.ibm.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
With the current testing infrastructure, we don't have a strictly
hierarchical set of dependencies. This causes problems with a recursive
make, and means we have to hack around some of the dependencies.
This change generates a single, top-level makefile from all of the
Makefile.am fragments. We still need the po/ directory as a separate
SUBDIR, but all others can be converted to non-recursive.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
We need a couple of automake options to prevent errors when regenerating
Makefile.ins during source preparation.
Some makefiles assume GNU make, so add 'foreign' where necessary. Also,
we are building objects in subdirectories, so we need 'subdir-objects'.
Modified to suit recent petitboot by Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Jeff Bailey <jeffbailey@google.com>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
We want to fold help text into the ncurses UI, so add a little module to
split text into lines.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
There's no need to include the config storage code in lib/ as only the
discover server should be using it.
This change moves the config-storage code to discover/, with the
platform-specific parts moved to a 'struct platform'. Each platform has
a probe function, which is called during init. The first probe function
to return a platform is used.
At present we only have the one platform, but it's now non-intrusive to
add others.
We keep an array of platform pointers in a separate ("platforms")
section, to allow the test module to drop-in its own test "platform".
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
This change groups the offsetof, container_of and ARRAY_SIZE macros in a
single header file util/util.h.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
We've grown out of pb_run_cmd a little, as we have a number of different
process types:

 boot():
  - kexec: short-running process, run synchronously
  - boot hooks: short-running, run sync, need exit code & stdout

 network init:
  - interface configuration: short running, run sync
  - udhcp processes are long running, we may want completion, but
    doesn't block other actions

 downloads:
  - potentially long-running, block parse progress

 config nvram:
  - read: short running, can block, need stdout
  - write: short running, can block

We'd like to introduce proper asynchronous processes, to allow config &
boot-option downloads without blocking the discover server.

This change introduces a new type for processes, 'struct process'. These
structures are created with process_create, and run with
process_run_sync or process_run_async. The latter reports completion
through a callback member of struct process.

Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Add a library for (name, value) configuration.
Different storage backends are allowed (although currently hardcoded to
powerpc nvram), and config is read-only at present.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
We'll need to use the URL handling code in the server, so move it to the
lib/ directory.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
The device and boot_option types are defined in pb-protocol.h, but
aren't really specific to the protocol. This means a lot of
non-messaging-related files are #including the protocol definitions
unnecessarily.
This change separates the types out into lib/types/types.h.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Geoff Levand <geoff@infradead.org>
Add the option --start-daemon to automatically start
pb-discover if it is not already started. For use
when running as a stand-alone app.
Signed-off-by: Geoff Levand <geoff@infradead.org>
Signed-off-by: Geoff Levand <geoff@infradead.org>