Documentation
Overview
package secureboot holds secure boot configuration for image uploads.
Constants
const (
	EFIVariableNonVolatile                       = 0x00000001
	EFIVariableBootServiceAccess                 = 0x00000002
	EFIVariableRuntimeAccess                     = 0x00000004
	EFIVariableTimeBasedAuthenticatedWriteAccess = 0x00000020
)
EFI constants.
Variables
This section is empty.
Functions
This section is empty.
Types
type Database
type Database struct {
	// PK is the platform key.
	PK []byte
	// Keks are trusted key-exchange-keys
	Keks [][]byte
	// DBs are entries of the signature database.
	DBs [][]byte
}
Database holds the secure boot database that cloud providers should use when enabling secure boot for a Constellation OS image.
type UEFIVar
type UEFIVar struct {
	Name      string
	Data      []byte
	GUID      []byte
	Attr      uint32
	Timestamp []byte
	Digest    []byte
}
UEFIVar is a UEFI variable.
type UEFIVarStore
type UEFIVarStore []UEFIVar
UEFIVarStore is a UEFI variable store. It is a collection of UEFIVar structs. This is an abstract var store that can convert to a concrete var store for a specific CSP.
func VarStoreFromFiles
func VarStoreFromFiles(fs afero.Fs, pk, kek, db, dbx string) (UEFIVarStore, error)
VarStoreFromFiles creates the UEFI variable store from "EFI Signature List" (esl) files.
func (UEFIVarStore) ToAWS
func (s UEFIVarStore) ToAWS() (string, error)
ToAWS converts the UEFI variable store to the AWS UEFI vars v0 format. The format is documented here: https://github.com/awslabs/python-uefivars
It is structured as follows:
Header:
- 4 bytes: magic number
- 4 bytes: crc32 of the rest of the file
- 4 bytes: version number
Body is zlib compressed stream of:
8 bytes number of entries
for each entry:
- name (variable length field, utf8)
- data (variable length field)
- guid (16 bytes)
- attr (int32 in little endian)
OPTIONAL (if attr has EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS set):
- timestamp (16 bytes)
- digest (variable length field).
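Added example, not part of the package's own code: a pre-conversion check that each entry fits the fixed-width fields of the layout above (16-byte guid, and a 16-byte timestamp only when the time-based authenticated write bit is set). It goes one step beyond the layout text by also flagging a repeated name and GUID pair. `checkVar` and `checkStore` are hypothetical helpers, the constant and struct are repeated from this page so the block builds on its own, and the sample entries are constructed.

```go
package main

import "fmt"

// Copied from this page's declarations so the example builds on its own.
const EFIVariableTimeBasedAuthenticatedWriteAccess = 0x00000020

type UEFIVar struct {
	Name              string
	Data, GUID        []byte
	Attr              uint32
	Timestamp, Digest []byte
}

// checkVar (hypothetical helper) tests one entry against the fixed-width fields.
func checkVar(v UEFIVar) error {
	auth := v.Attr&EFIVariableTimeBasedAuthenticatedWriteAccess != 0
	switch {
	case len(v.GUID) != 16:
		return fmt.Errorf("%s: guid is %d bytes, want 16", v.Name, len(v.GUID))
	case auth && len(v.Timestamp) != 16:
		return fmt.Errorf("%s: auth bit set, timestamp is %d bytes, want 16", v.Name, len(v.Timestamp))
	case !auth && len(v.Timestamp)+len(v.Digest) > 0:
		return fmt.Errorf("%s: timestamp/digest present but auth bit clear", v.Name)
	}
	return nil
}

// checkStore (hypothetical helper) checks all entries and flags repeated name+GUID pairs.
func checkStore(store []UEFIVar) (errs []error) {
	seen := map[string]bool{}
	for _, v := range store {
		if err := checkVar(v); err != nil {
			errs = append(errs, err)
		}
		key := v.Name + "\x00" + string(v.GUID)
		if seen[key] {
			errs = append(errs, fmt.Errorf("%s: duplicate name+GUID", v.Name))
		}
		seen[key] = true
	}
	return errs
}

func main() {
	fmt.Println(checkStore([]UEFIVar{ // constructed sample entries
		{Name: "db", GUID: make([]byte, 16), Attr: EFIVariableTimeBasedAuthenticatedWriteAccess, Timestamp: make([]byte, 16)},
		{Name: "dbx", GUID: make([]byte, 8)},
	}))
}
```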