Documentation
Overview
Package secureboot contains base definitions for the Secure Boot process.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Phase
```go
type Phase string
```
Phase is the phase value extended to the PCR.
```go
const (
	// EnterInitrd is the phase value extended to the PCR during the initrd.
	EnterInitrd Phase = "enter-initrd"
	// LeaveInitrd is the phase value extended to the PCR just before switching to machined.
	LeaveInitrd Phase = "leave-initrd"
	// EnterMachined is the phase value extended to the PCR before starting machined.
	// There should be only a signed signature for the enter-machined phase.
	EnterMachined Phase = "enter-machined"
	// StartTheWorld is the phase value extended to the PCR before starting all services.
	StartTheWorld Phase = "start-the-world"
)
```
type PhaseInfo
PhaseInfo describes which phase extensions are signed/measured.
func OrderedPhases
```go
func OrderedPhases() []PhaseInfo
```
OrderedPhases returns the phases that are measured, in order.
Derived from https://github.com/systemd/systemd/blob/v253/src/boot/measure.c#L295-L308
ref: https://www.freedesktop.org/software/systemd/man/systemd-pcrphase.service.html#Description
In the case of Talos, disk decryption happens in machined, so we only need to sign EnterMachined, so that machined can decrypt the disk only if the system booted with the correct kernel/initrd/cmdline.
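The Go sketch below is an added example, not code from the Talos package. It models a SHA-256 PCR extend over the four phase strings listed on this page and shows that a policy computed for the PCR value right after enter-machined matches at that phase only, and only when the starting measurements are the expected ones. The helper names (`extend`, `pcrAfter`, `policyMatches`) and the starting PCR values are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Phase strings from this page, in boot order.
var phases = []string{"enter-initrd", "leave-initrd", "enter-machined", "start-the-world"}

// extend models a SHA-256 PCR extend: new = SHA256(old || SHA256(data)).
func extend(pcr [32]byte, data string) [32]byte {
	d := sha256.Sum256([]byte(data))
	return sha256.Sum256(append(pcr[:], d[:]...))
}

// pcrAfter extends the phases in seq onto start and returns the PCR value
// right after upTo was extended; ok is false if upTo is not in seq.
func pcrAfter(start [32]byte, seq []string, upTo string) (pcr [32]byte, ok bool) {
	pcr = start
	for _, p := range seq {
		pcr = extend(pcr, p)
		if p == upTo {
			return pcr, true
		}
	}
	return pcr, false
}

// policyMatches reports whether the current PCR equals the value the
// signed policy was computed for (hypothetical helper).
func policyMatches(current, signed [32]byte) bool {
	return current == signed
}

func main() {
	// Constructed values: good stands in for the expected kernel/initrd/cmdline
	// measurements, bad for a boot whose measurements differ.
	var good [32]byte
	bad := extend(good, "modified-cmdline")
	signed, _ := pcrAfter(good, phases, "enter-machined")
	for _, p := range phases {
		g, _ := pcrAfter(good, phases, p)
		b, _ := pcrAfter(bad, phases, p)
		fmt.Printf("%-16s expected boot: %-5v modified boot: %v\n",
			p, policyMatches(g, signed), policyMatches(b, signed))
	}
}
```

Because each extend folds in the previous PCR value, the value after start-the-world no longer satisfies a policy computed for enter-machined, and a boot with different earlier measurements never reaches the signed value.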
Directories
Package database generates SecureBoot auto-enrollment database.
Package pesign implements the PE (portable executable) signing.
Package tpm2 provides TPM2.0 related functionality helpers.