Commit Graph

866 Commits

Author SHA1 Message Date
Michael Vogt
49ad899515 Merge pull request #10481 from bboozzoo/bboozzoo/uc20-set-up-try-mode-when-trying-system
boot: properly handle tried system model
2021-07-06 09:14:57 +02:00
Maciej Borzecki
1857d7bde1 boot: shuffle the model around, fix typos
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-07-05 14:54:08 +02:00
Maciej Borzecki
2b15549677 boot: allow mocking secboot reseal call
This is sometimes useful in integration testing.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-07-05 11:37:20 +02:00
Maciej Borzecki
3543f74d29 boot: extend comments about setting and clearing try recovery systems and related device context
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-07-02 11:44:22 +02:00
Maciej Borzecki
87398b59a2 boot: tweak modeenv helper names
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-07-02 11:44:16 +02:00
Maciej Borzecki
8d22ebeaf8 boot: set up a try model for a tried system
A recovery system can be created during UC20 remodel, in which case, it will
carry the new model. The new model's properties that get measured during the
boot may be different from the current model's, and thus the keys need to be
resealed for this new model.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-07-01 13:30:09 +02:00
Maciej Borzecki
df76c13fbd boot: internal helpers for manipulating models in modeenv
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-07-01 13:30:09 +02:00
Maciej Borzecki
ef7257b02f boot: leave TODO about relaxing model ID comparison
Consider relaxing the check, especially in the context of model sign key
revocation or expiration.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-25 12:35:28 +02:00
Maciej Borzecki
082467da8c boot: construct recovery boot chains for a matching system only, drop TODO
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-25 09:23:31 +02:00
Maciej Borzecki
04be286285 boot: compare model when constructing boot chains
Be more careful when constructing the boot chains and select the recovery
systems based on their models. Depending on the intended use of the boot
chains (run & or recovery keys), allow or deny use of try model.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-24 14:00:13 +02:00
Maciej Borzecki
bdd18a53d7 boot: support resealing with a try model
Extend the reseal code to support try model

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-21 10:07:16 +02:00
Maciej Borzecki
d26133c954 boot: use new kernel path in bootstate reseal tests
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-18 06:50:56 +02:00
Maciej Borzecki
8e9b48e1d7 boot: drop model from bootstate, make tests more realistic
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-17 09:27:49 +02:00
Maciej Borzecki
528b3f8319 boot: drop model from resealing
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-17 09:27:49 +02:00
Michael Vogt
e34d1c81e2 Merge remote-tracking branch 'upstream/master' into bboozzoo/uc20-decouple-re-seal-from-model
2021-06-16 16:09:57 +02:00
Samuele Pedroni
54e84fb8db many: fix imports order (according to gci)
had to make the comment in wrappers/services_test.go a one-liner
otherwise half of it is lost

last set of files needing changing (as per current master)
2021-06-16 09:54:31 +02:00
Maciej Borzecki
44adf72f50 boot: use secboot interface where possible, turn method into a helper function
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-15 16:41:29 +02:00
Maciej Borzecki
11f6ffd22c boot: drop internal model from bootchain, generate model for sealing from bootchain
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-15 14:56:16 +02:00
Maciej Borzecki
3293df1ca8 Merge remote-tracking branch 'upstream/master' into bboozzoo/uc20-decouple-re-seal-from-model
2021-06-15 11:48:13 +02:00
Maciej Borzecki
a4d2252f33 boot: tweak tests, add an internal interface
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-15 11:47:29 +02:00
Maciej Borzecki
448061c9f0 boot: extend modeenv unit tests
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-11 14:41:03 +02:00
Maciej Borzecki
77f056d31d boot: fix modeenv try model inconsistency checks
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-11 14:36:53 +02:00
Maciej Borzecki
37fc0edcdc boot: decouple model from seal/reseal handling via an auxiliary type
It is desired that the seal/reseal code only operates on the input provided in
modeenv rather than poking other external structures. The change decouples the
lower level code from accessing the model directly.

Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-11 13:16:53 +02:00
Maciej Borzecki
09829e9f4e boot: tweak naming, rename SignKeyID to ModelSignKeyID
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-11 10:08:10 +02:00
Maciej Borzecki
2ff29a2547 boot: gofmt fun
Signed-off-by: Maciej Borzecki <maciej.zenon.borzecki@canonical.com>
2021-06-10 18:39:46 +02:00