uki

Documentation

Overview

Package uki creates the UKI file out of the sd-stub and other sections.

Index

• func DiscoverKernelVersion(kernelPath string) (string, error)
• func GetSBAT(path string) ([]byte, error)
• type Builder
  • func (builder *Builder) Build(printf func(string, ...any)) error

Functions

func DiscoverKernelVersion

func DiscoverKernelVersion(kernelPath string) (string, error)

DiscoverKernelVersion reads kernel version from the kernel image.

This only works for x86 kernel images.

Based on https://www.kernel.org/doc/html/v5.6/x86/boot.html.

func GetSBAT

func GetSBAT(path string) ([]byte, error)

GetSBAT returns the SBAT section from the PE file.

Types

type Builder

type Builder struct {
	// Source options.
	//
	// Arch of the UKI file.
	Arch string
	// Version of Talos.
	Version string
	// Path to the sd-stub.
	SdStubPath string
	// Path to the sd-boot.
	SdBootPath string
	// Path to the kernel image.
	KernelPath string
	// Path to the initrd image.
	InitrdPath string
	// Kernel cmdline.
	Cmdline string
	// SecureBoot certificate and signer.
	SecureBootSigner pesign.CertificateSigner
	// PCR signer.
	PCRSigner measure.RSAKey

	// Output options:
	//
	// Path to the signed sd-boot.
	OutSdBootPath string
	// Path to the output UKI file.
	OutUKIPath string
	// contains filtered or unexported fields
}

Builder is a UKI file builder.

func (*Builder) Build

func (builder *Builder) Build(printf func(string, ...any)) error

Build the UKI file.

Build process is as follows:

• sign the sd-boot EFI binary, and write it to the OutSdBootPath
• build ephemeral sections (uname, os-release), and other proposed sections
• measure sections, generate signature, and append to the list of sections
• assemble the final UKI file starting from sd-stub and appending generated section.