Qubes/Xen startup script should live on /boot #154
Labels
Milestone
Comments
osresearch
added a commit
that referenced
this issue
Apr 3, 2017
This also adds a set of files in the qubes/ directory that are meant to be copied to the /boot partition. Issue #154: for ease of upgrading Qubes, the script should live on /boot instead of in the ROM. This requires a GPG signature on the startup script to avoid attacks by modifying the boot script. Issue #123: this streamlines the boot process for Qubes, although the disk password is still not passed in correctly to the initrd (issue #29). This does not address issues #110 of how to find the root device. The best approach is probably disk labels, which will require special installation instructions.
|
And there is a bug that the PCRs are not reset if |
osresearch
added a commit
that referenced
this issue
Apr 3, 2017
osresearch
added a commit
that referenced
this issue
Apr 3, 2017
Replace libuuid with util-linux libuuid (and libblkid, although we are not using libblkid right now). This also requires a much larger coreboot cbfs, which was fixed as part of issue #154.
tlaurion
pushed a commit
to tlaurion/heads
that referenced
this issue
May 3, 2024
Begin new/freed block estimator Cleanup old -tmp dirs when sending Refine send and receive status
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The Qubes/Xen startup script should live on
/bootrather than in the ROM -- otherwise upgrading Qubes requires reflashing (and regenerating TOTP tokens and resealing disk keys) the ROM. The easiest way to do this would be to have a GPG signed script in/boot/boot.sh, which will be responsible for validating signatures, etc.The text was updated successfully, but these errors were encountered: