feat: add CPIO packing for companion files #168
No reviewers
Labels
No labels
bug
dependency
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
review-next
security
stub
tool
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: raito/lanzaboote#168
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "cpio-packing"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Depended on #167 #166.This adds CPIO packing and open credentials and systemd extensions discovery and load.
With this, we should be able to read from drop-in directories, load CPIO archives and combine them as initrds for sysexts (+ measurements).
In what situation do we have to create initrds? You only mentioned appending them and cpios can be appended without repacking them.
Companion files are not initrd, they are just random files laying around on the ESP.
Therefore, to make them available in your initrd phase, you need to pack them as CPIOs and merge them with the others initrds, hence the need for a CPIO packing phase.
(They are not CPIO on their own at the start, otherwise, it would be cumbersome to manipulate from userspace.)
This is unfinished
This is unfinished
@nikstur I think this CPIO stuff is the good opportunity to introduce our "library crate" for UEFI bootloaders stuff.
This would be easier to handle if it returns a zero-length vector when zero padding is required. This makes the calling code easier because it removes case distinctions.
From an architectural point, it would be great to separate the CPIO writing from any UEFI stuff. So we could split this file into one module that does only CPIO construction in memory (without using any UEFI types) and another module that adds whatever UEFI magic is required.
I decided to be serious about the problem space, so here's my strategy.
piolibraryInstead of forcing a CPIO writer inside the linux-bootloader crate, I decided to create a new library called
piowhich can be used for writing CPIO in no_std, alloc contexts. (name subject to change but like p for pico I/O :>).It is relying on embedded-io (I/O in no_std) and snafu (for errors in no_std) and rolls its own very basic cursor type for internal purpose. It could do direct I/O via the existing I/O trait and I could move the cursor thing outside, but baby steps.
piolibrary is a file format library and as with all file format libraries, let's write tests. Writing UEFI tests is not easy, therefore, I decided to move the testing to userspace viacargo test --target x86_64-unknown-linux-gnu, I don't know if I can automate this well enough withoutxtask, but that should be the way to go IMHO.As a development dependency, I bring a… CPIO reader (and writer) which also use the same format (newc) which I will use to perform integration testing in various fashions.
I want simple "unit tests" (alignment, read a simple CPIO, etc.), then I want to torture more and more the library as we go on.
Ideally, we could donate this to rust-osdev or whoever is interested in the maintenance at some point.
linux-bootloaderlibraryThis library should be responsible to articulate the UEFI APIs to pack CPIO at the high level if I give you a bunch of files via a UEFI filesystem and optionally measure it to the TPM2.
It should also offer a way to merge initrds dynamically.
lanzastub
lanzastub should be discovering system extensions and credentials via
linux-bootloaderlibrary, measure them if TPM2 is available, send them to the boot linux entrypoint and call the dynamic merger for initrds.Making this a very simple feature at lanza-level, modulo for new EFI variables to export.
End to end testing
I think, if I do this, this PR would be in a good enough shape w.r.t. to testing scenarios.
@blitz @nikstur I would appreciate a review on the credentials part, I'm not sure yet what I want to do about local credentials vs. global credentials. I feel like you can always use global credentials and local credentials are almost always useless with lanzaboote except if you use the fat UKIs model? So I suggest removing the code for them from the tool, as it does not make a lot of sense.
For sysexts, I will add more stuff soonish to test them properly.
Note for reviewers: I will work to remove the fork dependency in this PR.
Actually, I'm thinking, but I don't think systemd-sysext makes a lot of sense, just merging in
/usror/optis almost useless for NixOS, so I would rather skip the test for this stuff and leave it as-is.I think the separate CPIO module goes in the right direction, but it would make sense to split it off into a separate PR for reviewing.
Also split.
Pull request closed