-
-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
shared: generalize signature schemes #303
base: master
Are you sure you want to change the base?
Commits on Jan 25, 2024
-
flake: support fine-grained
buildRustApp
inside of the workspace wr……t packages Now, it is possible to build any package of the workspace in a fine grained fashion.
Configuration menu - View commit details
-
Copy full SHA for 9fa26ad - Browse repository at this point
Copy the full SHA 9fa26adView commit details -
tool(pe): extract stub parameters in their own structure
We want here to capture the required data to assemble a stub, here is a partial structure modulo ESP generation paths. Other pieces of code can consume this structure, validate it before passing it to the PE assembler and the signer. We convert everything into owned structures because we cannot really do deserialization in any context with lifetimes going around, but, allocations are generally very cheap in this context.
Configuration menu - View commit details
-
Copy full SHA for 8c4ad67 - Browse repository at this point
Copy the full SHA 8c4ad67View commit details
Commits on Feb 12, 2024
-
tool(*): generalize signature mechanisms
In order to offer more flexible signature mechanisms in lanzaboote, we need to take a step back and offer a general PE signature trait. After this, we will be able to plug various different implementations.
Configuration menu - View commit details
-
Copy full SHA for fcea16e - Browse repository at this point
Copy the full SHA fcea16eView commit details -
nix/tests: extract into a lanzaboote library some common functions
Our lanzaboote integration tests are getting more and more sophisticated and ambitious. Let's extract them into a "lanzalib", so they can be used with multiple backends.
Configuration menu - View commit details
-
Copy full SHA for 9a73606 - Browse repository at this point
Copy the full SHA 9a73606View commit details -
tool(systemd): improve testing logic for overwrite unsigned images
We didn't test if there *was* a signature, idempotency of removal of signatures (i.e. removing an non-existent signature is the identity operation) could fool us into believing we had a signed thing then not signed.
Configuration menu - View commit details
-
Copy full SHA for a2456d9 - Browse repository at this point
Copy the full SHA a2456d9View commit details -
fix: do not emit a temporary initrd location if it's not needed
We fabricated a lot of initrds which were exactly the same as the one in our store when we had no initrd secrets. This ends this practice.
Configuration menu - View commit details
-
Copy full SHA for 1b40d87 - Browse repository at this point
Copy the full SHA 1b40d87View commit details