Linux Guard Dev Release #218

Open
wants to merge 11 commits into
base: main

liulanze
Contributor

@liulanze liulanze commented Apr 30, 2025


WIP

Key Deltas Between Dev Branch and Main Branch (Linux Guard / Prism)

  1. Verity Hash Signature Input/Output Support
    i. systemd patch support: Mariner shiproom approval needed
    Tracking bug: ETA pending; I need to get started on it before providing a reasonable ETA.

  2. Verity + UKI -> Verity + UKI Output Image Generation not working
    Dependency: boot partition cleaning code must be commented out; still relies on boot partition and GRUB.
    Active. The bootloader project has been kicked off (design doc: Bootloader Switching in IC with systemd-boot Support.docx). I am now at phase 1 of the PoC, ETA ~1 week.

  3. Shim and Systemd-boot Binary Overriding ✅
    In the main branch, the systemd-boot binary overrides the shim binary by default in the non-signing situation.
    Fix merged in main.

  4. Overlay Customization SELinux Handling ✅
    Main branch does not remove pre-existing SELinux policy for overlay's upperdir and workdir.
    Fixed; the /usr verity switching eliminates the usage of overlay.

  5. COSI Metadata Limitation ✅
    Main branch COSI metadata cannot handle Verity devices using custom DeviceMountIdType (only supports default partuuid).
    Active, ETA 2 days.

  6. Overlay-enabled Base Image Customization ✅
    Main branch Prism lacks the ability to recognize existing overlay setups from the fstab file during image customization.
    Fixed; the /usr verity switching eliminates the usage of overlay.

Checklist

  • Tests added/updated
  • Documentation updated (if needed)
  • Code conforms to style guidelines

@liulanze liulanze requested a review from a team as a code owner April 30, 2025 18:53
@liulanze liulanze changed the title User/lanzeliu/linuxguard dev Linux Guard Dev Release Apr 30, 2025
@liulanze liulanze self-assigned this Apr 30, 2025
@liulanze liulanze force-pushed the user/lanzeliu/linuxguard-dev branch 8 times, most recently from a1c4213 to 10e6d55 Compare May 7, 2025 18:23
@liulanze liulanze force-pushed the user/lanzeliu/linuxguard-dev branch from 10e6d55 to f6cac30 Compare May 18, 2025 22:10
@liulanze liulanze force-pushed the user/lanzeliu/linuxguard-dev branch from 845018e to 7c1095d Compare May 30, 2025 19:41
@liulanze liulanze force-pushed the user/lanzeliu/linuxguard-dev branch from c945d9f to 9104801 Compare June 2, 2025 22:21