Documentation
Overview
Package securelaunch takes integrity measurements before launching the target system.
Index
- Variables
- func AddToPersistQueue(desc string, data []byte, location string, defFile string) error
- func ClearPersistQueue() error
- func GetBlkInfo() error
- func GetFileBytes(fileName string) ([]byte, error)
- func GetMountedFilePath(inputVal string, flags uintptr) (string, error)
- func GetStorageDevice(input string) (*block.BlockDev, error)
- func MountDevice(device *block.BlockDev, flags uintptr) (string, error)
- func ReadFile(fileLocation string) ([]byte, error)
- func UnmountAll() error
- func WriteFile(data []byte, fileLocation string) error
Constants
This section is empty.
Variables
var Debug = func(string, ...interface{}) {}
Debug enables verbose logs if the kernel command line has the uroot.uinitargs=-d flag set. The kernel command line is checked in sluinit.
var ErrUsage = errors.New("incorrect usage")
ErrUsage indicates a usage error.
var StorageBlkDevices block.BlockDevices
StorageBlkDevices helps securelaunch pkg mount devices.
Functions
func AddToPersistQueue
AddToPersistQueue enqueues an action item to the persistData slice so that it can be deferred to the last step of sluinit.
func ClearPersistQueue
func ClearPersistQueue() error
ClearPersistQueue persists any pending data/logs to disk.
func GetBlkInfo
func GetBlkInfo() error
GetBlkInfo gets information on all block devices and stores it in the global variable 'StorageBlkDevices'. If it is called more than once, the subsequent calls just return.
In debug mode, it also prints names and UUIDs for all devices.
func GetFileBytes (added in v0.15.0)
GetFileBytes reads the given file and returns the contents as a byte slice.
func GetMountedFilePath
GetMountedFilePath returns the file path corresponding to the given <device_identifier>:<path>. <device_identifier> is a Linux block device identifier (e.g., sda or UUID).
func GetStorageDevice
GetStorageDevice parses input of type UUID:/tmp/foo or sda2:/tmp/foo, and returns any matching devices.
func MountDevice
MountDevice looks up the mountCache map. If no entry is found, it mounts the device and updates the cache; otherwise it returns mountPath.
func ReadFile (added in v0.15.0)
ReadFile reads a file into a byte slice. It mounts the disk if necessary.
policyLocation is formatted as `<block device id>:<path>`, e.g.:
- sda1:/boot/securelaunch.policy
- 4qccd342-12zr-4e99-9ze7-1234cb1234c4:/foo.txt
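One way a caller could validate a `<block device id>:<path>` string before passing it to ReadFile or GetMountedFilePath. This is an added example, not code from the securelaunch package; `ParseLocation`, `Location`, `ErrLocation` and the validation rules are assumptions of the example.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// Location is a hypothetical type for this example; securelaunch does not export it.
type Location struct {
	Device string // block device name or UUID, e.g. "sda1"
	Path   string // cleaned absolute path on that device
}

var ErrLocation = errors.New("want <block device id>:<absolute path>") // example's own error

// ParseLocation splits s at the first colon and rejects anything that is not
// a single device name followed by an absolute path without ".." elements.
func ParseLocation(s string) (Location, error) {
	dev, p, ok := strings.Cut(s, ":")
	if !ok || dev == "" {
		return Location{}, fmt.Errorf("%w: missing device id in %q", ErrLocation, s)
	}
	// A device id is one name; separators or dot names would let it address other paths.
	if strings.ContainsAny(dev, "/\\ \t") || dev == "." || dev == ".." {
		return Location{}, fmt.Errorf("%w: bad device id %q", ErrLocation, dev)
	}
	if !strings.HasPrefix(p, "/") {
		return Location{}, fmt.Errorf("%w: path %q is not absolute", ErrLocation, p)
	}
	for _, elem := range strings.Split(p, "/") {
		if elem == ".." {
			return Location{}, fmt.Errorf("%w: path %q contains ..", ErrLocation, p)
		}
	}
	return Location{Device: dev, Path: path.Clean(p)}, nil
}

func main() {
	// Constructed inputs: the first two are the examples from the ReadFile description.
	for _, in := range []string{
		"sda1:/boot/securelaunch.policy",
		"4qccd342-12zr-4e99-9ze7-1234cb1234c4:/foo.txt",
		"sda1:/boot/../other.policy",
	} {
		loc, err := ParseLocation(in)
		fmt.Printf("%q -> %+v err=%v\n", in, loc, err)
	}
}
```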
func UnmountAll
func UnmountAll() error
UnmountAll unmounts all mounted devices from the file hierarchy.
Types
This section is empty.
Directories
| Path | Synopsis |
|---|---|
| | Package config manages configuration settings for secure launch. |
| | Package eventlog parses kernel event logs and saves the parsed data on a file on disk. |
| | Package launcher boots the target kernel. |
| | Package measurement provides different collectors to hash files, disks, dmi info and cpuid info. |
| | Package policy locates and parses a JSON policy file. |
| | Package tpm reads and extends PCRs with measurements. |