Version: v0.0.0-...-c97c800

This package is not in the latest version of its module.

Published: Feb 6, 2019 License: BSD-3-Clause Imports: 20 Imported by: 0






var ErrKernelMissing = errors.New("must have non-nil kernel")

ErrKernelMissing is returned by LinuxImage.Pack if no kernel is given.




type LinuxImage

type LinuxImage struct {
	Kernel  io.ReaderAt
	Initrd  io.ReaderAt
	Cmdline string
}

LinuxImage implements OSImage for a Linux kernel + initramfs.

func NewLinuxImageFromArchive

func NewLinuxImageFromArchive(a *cpio.Archive) (*LinuxImage, error)

NewLinuxImageFromArchive reads a netboot21 Linux OSImage from a CPIO file archive.

func (*LinuxImage) Execute

func (li *LinuxImage) Execute() error

Execute implements OSImage.Execute and kexec's the kernel with its initramfs.

func (*LinuxImage) ExecutionInfo

func (li *LinuxImage) ExecutionInfo(l *log.Logger)

ExecutionInfo implements OSImage.ExecutionInfo.

func (*LinuxImage) Pack

func (li *LinuxImage) Pack(sw cpio.RecordWriter) error

Pack implements OSImage.Pack and writes all necessary files to the modules directory of `sw`.

type MeasuringReader

type MeasuringReader struct {
	// contains filtered or unexported fields
}

MeasuringReader is a cpio.Reader that collects the signed data and compares it against the signature in the given cpio archive.

func NewMeasuringReader

func NewMeasuringReader(r cpio.RecordReader) *MeasuringReader

NewMeasuringReader returns a new measuring reader.

func (*MeasuringReader) ExtendTPM

func (mr *MeasuringReader) ExtendTPM(tpmRW io.ReadWriter, pcrIndex uint32) error

ExtendTPM extends the given tpm at pcrIndex with the content of the package.

func (*MeasuringReader) ReadRecord

func (mr *MeasuringReader) ReadRecord() (cpio.Record, error)

ReadRecord wraps cpio.Reader.ReadRecord and adds the content to `signed` as necessary.

func (*MeasuringReader) Verify

func (mr *MeasuringReader) Verify(pk *rsa.PublicKey) error

Verify verifies the contents of the archive as read so far.

NOTE(UGH): Go crypto stuff is totally incompatible. ecdsa.PrivateKey.Sign does not output shit that is compatible with ecdsa.Verify -- COME ON. Only ecdsa.Sign does.

type OSImage

type OSImage interface {
	// ExecutionInfo prints information about the OS image. A user should
	// be able to use the kexec command line tool to execute the OSImage
	// given the printed information.
	ExecutionInfo(log *log.Logger)

	// Execute kexec's the OS image: it loads the OS image into memory and
	// jumps to the kernel's entry point.
	Execute() error

	// Pack writes the OS image to the modules directory of sw and the
	// package type to package_type of sw.
	Pack(sw cpio.RecordWriter) error
}

OSImage represents a bootable OS package.

type Package

type Package struct {

	// Metadata is a map of relative archive paths -> arbitrary metadata
	// content.
	Metadata map[string]string
}

Package is a netboot21 boot package.

It contains an OSImage to boot as well as arbitrary metadata.

func NewPackage

func NewPackage(osi OSImage) *Package

NewPackage returns a new package based on the given OSImage.

func (*Package) AddMetadata

func (p *Package) AddMetadata(relPath string, content string)

AddMetadata adds metadata at a relative path.

func (*Package) Pack

func (p *Package) Pack(w cpio.RecordWriter, signer *rsa.PrivateKey) error

Pack writes the boot package into archive w.

TODO(hugelgupf): use a generic private key interface. No idea if we intend to keep using RSA here. Make usable with TPM.

func (*Package) Unpack

func (p *Package) Unpack(rr cpio.RecordReader, pk *rsa.PublicKey) error

Unpack unpacks a boot package in rr to p.

TODO(hugelgupf): RSA? Generalize.

type SigningWriter

type SigningWriter struct {
	// contains filtered or unexported fields
}

SigningWriter is a cpio.RecordWriter that collects digests as it writes files to the cpio archive.

func NewSigningWriter

func NewSigningWriter(w cpio.RecordWriter) *SigningWriter

NewSigningWriter returns a new signing cpio writer.

func (*SigningWriter) SHA1Sum

func (sw *SigningWriter) SHA1Sum() [sha1.Size]byte

SHA1Sum returns the SHA1 sum of the collected digest.

func (*SigningWriter) WriteRecord

func (sw *SigningWriter) WriteRecord(rec cpio.Record) error

WriteRecord implements cpio.RecordWriter.

func (*SigningWriter) WriteSignature

func (sw *SigningWriter) WriteSignature(signer *rsa.PrivateKey) error

WriteSignature writes the signature and signature_algo files based on the collected digest.

TODO(hugelgupf): stop hard-coding the private key and algorithm. Use crypto.Signer so TPM could be used to sign this if so desired.
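The NOTE on Verify and the TODO on WriteSignature both concern signing behind a generic key interface. The following added example (not code from this package) signs a digest through crypto.Signer and verifies it for RSA and ECDSA keys, using ecdsa.VerifyASN1 because Signer.Sign returns a DER-encoded signature while ecdsa.Verify expects raw r and s values. The helper names, the throwaway keys and the use of SHA-256 are assumptions of this example; the package's SigningWriter exposes SHA1Sum.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signDigest signs through crypto.Signer, so the key may be RSA, ECDSA or hardware-backed.
func signDigest(s crypto.Signer, digest []byte) ([]byte, error) {
	return s.Sign(rand.Reader, digest, crypto.SHA256)
}

// verifyDigest checks sig over a SHA-256 digest for the key types handled here.
func verifyDigest(pub crypto.PublicKey, digest, sig []byte) error {
	switch k := pub.(type) {
	case *rsa.PublicKey: // Signer.Sign with a plain crypto.Hash produces PKCS #1 v1.5
		return rsa.VerifyPKCS1v15(k, crypto.SHA256, digest, sig)
	case *ecdsa.PublicKey:
		// Signer.Sign returns ASN.1 DER, so verify those bytes with VerifyASN1 (Go 1.15+).
		if !ecdsa.VerifyASN1(k, digest, sig) {
			return fmt.Errorf("ecdsa: verification failed")
		}
		return nil
	}
	return fmt.Errorf("unsupported public key type %T", pub)
}

// sampleSigners generates throwaway keys (constructed sample input).
func sampleSigners() []crypto.Signer {
	rk, err1 := rsa.GenerateKey(rand.Reader, 2048)
	ek, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		panic(fmt.Sprint("key generation failed: ", err1, err2))
	}
	return []crypto.Signer{rk, ek}
}

func main() {
	digest := sha256.Sum256([]byte("constructed sample archive contents"))
	for _, s := range sampleSigners() {
		sig, err := signDigest(s, digest[:])
		fmt.Printf("%T: sign=%v verify=%v\n", s.Public(), err, verifyDigest(s.Public(), digest[:], sig))
	}
}
```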
