Open
Integrate secureboot key generation into setup-ovmf. Secure boot keygen depends on openssl, efitools and sed - none of which are available on Windows. We should integrate it all into the gen-secureboot-keys tool. Lines 88 to 98 in 9cec331 This comment was generated by todo based on a
Orycterope approved these changes Oct 16, 2019
| @@ -149,10 +149,11 @@ pub extern "C" fn do_bootstrap(multiboot_info_addr: usize) -> ! { | |||
|
|
|||
| // Move the multiboot_header to a single page in kernel space. This simplifies some | |||
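Review bot: the context comment in do_bootstrap still says the multiboot header is moved "to a single page in kernel space", which is stale if this change lets the multiboot info span several pages, as the reviewer's question below also points out. Reword it to describe mapping the whole region, and state next to it how the region's length is obtained and bounded, since multiboot_info_addr is supplied by the bootloader.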
Well then it's not a single page, innit?
Allows doing some initialization based on the pid before starting a process. For instance, a future commit will allow setting up the stdin/out/err pipes before starting the process.
Twili, also known as the pipe manager (which is not pm), allows passing stdin/stdout/stderr pipes to various sub-processes. It is also responsible for passing data around in the "dumb" pipes (basically Unix pipes). It has a generic interface, IPipe, that is implemented by those dumb pipes, but also by vi Terminals and, eventually, fs Files.
When booting from UEFI, multiboot infos are a lot bigger for whatever reason. They're so much bigger, they span multiple pages! As such, bootstrap now accepts multiple pages for the multiboot. The kernel already allows multi-page multiboot infos (it tells the frame allocator to reserve the whole multiboot info region).
When disk initializer sees two conflicting files, it will now choose the earliest file instead of panicking.
We should strive to keep the source directory clean, and only copy stuff in the target/ directory. It keeps the gitignore simpler, and simplifies a bunch of other things. So now we copy the binaries to target/isofiles/boot instead.
Only run it on Linux for now.
Automatically creates a secure boot image that starts at the flash firmware (OVMF) and verifies the bootloader, which in turn verifies the bootstrap, kernel and KIPs.
Long term, we'll replace GRUB (and PGP) with our own bootloader (see #468), but in the meantime, this gets us some very good security memes.