git.ozlabs.org Git - petitboot/commit

]> git.ozlabs.org Git - petitboot/commit

author	tpearson@raptorengineering.com <tpearson@raptorengineering.com>
	Thu, 18 Aug 2016 09:46:47 +0000 (04:46 -0500)
committer	Samuel Mendoza-Jonas <sam@mendozajonas.com>
	Fri, 26 Aug 2016 03:23:01 +0000 (13:23 +1000)
commit	ccb478ac2e5b1e24ebb6af4130fdd37e1b36babb
tree	3d6846ae2b791ab11f3d5069f9097199f34cf529	tree \| snapshot (tar.gz zip)
parent	f5dab0206a3baca73895a587583ddfa402f8f569	commit \| diff

Add encrypted file support

In certain cases, such as network booting over an untrusted connection,
it may be useful to fully encrypt and sign the kernel files.

Enable fully encrypted boot using builtin keyring via the addition of
the string "ENCRYPTED" to the first line of the /etc/pb-lockdown file.
This disables detached (plaintext) signature verification.

Signed-off-by: Timothy Pearson <tpearson@raptorengineering.com>
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>

discover/boot.c		diff \| blob \| history
discover/boot.h		diff \| blob \| history
lib/security/gpg.c		diff \| blob \| history
lib/security/gpg.h		diff \| blob \| history

kexec-based bootloader

RSS Atom