secureboot

package
v2.13.0
Published: Nov 15, 2023 License: AGPL-3.0 Imports: 9 Imported by: 0

Documentation

Overview

package secureboot holds secure boot configuration for image uploads.

Index

Constants

const (
	EFIVariableNonVolatile                       = 0x00000001
	EFIVariableBootServiceAccess                 = 0x00000002
	EFIVariableRuntimeAccess                     = 0x00000004
	EFIVariableTimeBasedAuthenticatedWriteAccess = 0x00000020
)

EFI constants.

Variables

This section is empty.

Functions

This section is empty.

Types

type Database

type Database struct {
	// PK is the platform key.
	PK []byte
	// Keks are trusted key exchange keys.
	Keks [][]byte
	// DBs are entries of the signature database.
	DBs [][]byte
}

Database holds the secure boot database that cloud providers should use when enabling secure boot for a Constellation OS image.

func DatabaseFromFiles

func DatabaseFromFiles(fs afero.Fs, pk string, keks []string, dbs []string) (Database, error)

DatabaseFromFiles creates the secure boot database from individual files.

type UEFIVar

type UEFIVar struct {
	Name      string
	Data      []byte
	GUID      []byte
	Attr      uint32
	Timestamp []byte
	Digest    []byte
}

UEFIVar is a UEFI variable.

func ReadVar

func ReadVar(reader io.Reader, name string, guid []byte) (UEFIVar, error)

ReadVar reads a UEFI variable from an ESL file.

func (UEFIVar) AWSEntry

func (v UEFIVar) AWSEntry() ([]byte, error)

AWSEntry returns the AWS format entry for the UEFI variable.

type UEFIVarStore

type UEFIVarStore []UEFIVar

UEFIVarStore is a UEFI variable store. It is a collection of UEFIVar structs. This is an abstract var store that can convert to a concrete var store for a specific CSP.

func VarStoreFromFiles

func VarStoreFromFiles(fs afero.Fs, pk, kek, db, dbx string) (UEFIVarStore, error)

VarStoreFromFiles creates the UEFI variable store from "EFI Signature List" (esl) files.

func (UEFIVarStore) ToAWS

func (s UEFIVarStore) ToAWS() (string, error)

ToAWS converts the UEFI variable store to the AWS UEFI vars v0 format. The format is documented at https://github.com/awslabs/python-uefivars. It is structured as follows:

Header:
- 4 bytes: magic number
- 4 bytes: crc32 of the rest of the file
- 4 bytes: version number

Body is a zlib-compressed stream of:
- 8 bytes: number of entries
- for each entry:
  - name (variable-length field, utf8)
  - data (variable-length field)
  - guid (16 bytes)
  - attr (int32, little endian)
  - OPTIONAL (only if attr has EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set):
    - timestamp (16 bytes)
    - digest (variable-length field)
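The v0 layout described above, written out and checked on the way back in, as an added example that is not the package's own code. The magic value and the 8-byte little-endian length prefix on variable-length fields are assumptions (the page gives neither), and the entries used in testing are constructed.

```go
package main
import (
	"bytes"
	"compress/zlib"
	"encoding/binary"
	"hash/crc32"
)

var magicV0 = []byte("EXMP") // placeholder: the page does not give the real magic value
const authWriteAttr = 0x00000020 // EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS

type exVar struct {
	Name, Data, GUID, Timestamp, Digest []byte // GUID and Timestamp are 16 bytes
	Attr                                uint32
}

// field writes a variable-length field; the 8-byte little-endian length prefix is an assumption.
func field(w *bytes.Buffer, b []byte) {
	binary.Write(w, binary.LittleEndian, uint64(len(b)))
	w.Write(b)
}

// encodeV0 emits magic | crc32 | version | zlib(body) in the documented order; the IEEE crc32 covers everything after the crc field.
func encodeV0(vars []exVar) []byte {
	var body bytes.Buffer
	binary.Write(&body, binary.LittleEndian, uint64(len(vars))) // 8-byte entry count
	for _, v := range vars {
		field(&body, v.Name)
		field(&body, v.Data)
		body.Write(v.GUID)
		binary.Write(&body, binary.LittleEndian, v.Attr)
		if v.Attr&authWriteAttr != 0 { // timestamp and digest only for authenticated vars
			body.Write(v.Timestamp)
			field(&body, v.Digest)
		}
	}
	rest := bytes.NewBuffer([]byte{0, 0, 0, 0}) // version 0, then the zlib stream
	zw := zlib.NewWriter(rest)
	zw.Write(body.Bytes())
	zw.Close() // flushes the stream; writes to a bytes.Buffer cannot fail
	out := append(append([]byte{}, magicV0...), 0, 0, 0, 0)
	binary.LittleEndian.PutUint32(out[4:], crc32.ChecksumIEEE(rest.Bytes()))
	return append(out, rest.Bytes()...)
}

// validV0 checks magic and crc32 before anything is handed to zlib, so a corrupt or truncated file is rejected up front.
func validV0(blob []byte) bool {
	return len(blob) >= 12 && bytes.Equal(blob[:4], magicV0) &&
		crc32.ChecksumIEEE(blob[8:]) == binary.LittleEndian.Uint32(blob[4:8])
}
```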
