
feat: in-memory assembling of the PE binaries #279

Draft: wants to merge 16 commits into base: master

Conversation

@RaitoBezarius (Member) commented Jan 5, 2024

Finally, @nikstur, rejoice. This stops using objcopy to assemble the PE binary.

I need to finish merging this back to Goblin before we can really merge it, i.e. it depends on m4b/goblin#381 and m4b/goblin#389.

Depends on #278 for practical reasons.

…t packages

Now, it is possible to build any package of the workspace in a fine grained fashion.
We want here to capture the required data to assemble a stub, here is a partial structure
modulo ESP generation paths.

Other pieces of code can consume this structure, validate it before passing it to the PE assembler
and the signer.

We convert everything into owned structures because we cannot really do
deserialization in any context with lifetimes going around, but,
allocations are generally very cheap in this context.

In order to offer more flexible signature mechanisms in lanzaboote,
we need to take a step back and offer a general PE signature trait.

After this, we will be able to plug various different implementations.
Remote signing enables a user to request for:

- PE signature of a given store path, which is assumed to be available on the server side
- PE signature of a stub given by its parameters, which are assumed to be analyzable on the server side
  (i.e. computing hashes is possible.)
- Verifying if a PE signature is correct according to PE signatures and Secure Boot policy

It is now possible to use remote signature inside lzbt-systemd.

This is an example server to perform remote signatures
based on stub parameters provided.

Our lanzaboote integration tests are getting more and more sophisticated and ambitious.

Let's extract them into a "lanzalib", so they can be used with multiple backends.

We build lanzasignd now as part of the flake as additional software we provide.

Introduces the Secure Boot remote signing server for NixOS.

Lanzaboote boot module now supports using a potential remote signer server,
but this support is limited to the lanzaboote bootables and not the fwupd ones.

A simple test harness for remote signatures with lanzasignd.

We didn't test if there *was* a signature; idempotency of removal of signatures (i.e. removing a non-existent signature
is the identity operation) could fool us into believing we had a signed thing, then not signed.
This is relevant for a remote signer who relies on the existence of store paths
remotely, for example.
…ot needed

We should wait on the upstream PR to be merged so we can get rid of the
flake reference.

Life is too short to guess why EDK2 is broken, hence I needed to debug the PE loader,
and I wrote that in another project for debugging a kernel.

Here we go for this project.

`lanzaboote_image` is no more, we directly go from a set of stub parameters to the in-memory
representation of the final image.

Whatever the consumer wants to do with it, they are free to do so.

For now, we redump it into a temporary directory to make the changes minimal.

This depends on an unreleased branch of Goblin.
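As an added example, not code from this PR or from lanzaboote, here is the check the "We didn't test if there *was* a signature" commit message asks for, applied to the kind of in-memory image this PR now produces: parse the PE headers directly (goblin is not used), read the Certificate Table data directory (entry 4), report whether an Authenticode blob is attached, and strip it while reporting whether there was anything to strip, so that a second strip is a visible no-op instead of a false "it was signed". `PeError`, `has_authenticode_signature`, `strip_signature` and `build_sample_pe` are names chosen for this example; the sample image is a constructed header-only PE32+ with a dummy WIN_CERTIFICATE, not a bootable stub.

```rust
// Added example, not lanzaboote's code: check an in-memory PE image for an Authenticode
// signature before and after stripping it, so a strip on an unsigned image is not mistaken
// for "was signed, now unsigned". Parses the PE layout directly (no goblin): "MZ" at 0,
// e_lfanew at 0x3C, "PE\0\0", COFF header with SizeOfOptionalHeader at +16, optional header
// magic 0x10b/0x20b, data directories at optional-header offset 96 (PE32) / 112 (PE32+),
// entry 4 = Certificate Table, whose "VirtualAddress" is a file offset rather than an RVA.

#[derive(Debug, PartialEq)]
pub enum PeError { NotPe, Truncated }

fn u16_at(b: &[u8], off: usize) -> Result<u16, PeError> {
    b.get(off..off + 2).map(|s| u16::from_le_bytes([s[0], s[1]])).ok_or(PeError::Truncated)
}

fn u32_at(b: &[u8], off: usize) -> Result<u32, PeError> {
    b.get(off..off + 4).map(|s| u32::from_le_bytes([s[0], s[1], s[2], s[3]])).ok_or(PeError::Truncated)
}

/// Offset of the 8-byte Certificate Table entry plus its (file offset, size) contents;
/// Ok(None) when the optional header has fewer than five directories.
fn security_dir(image: &[u8]) -> Result<Option<(usize, u32, u32)>, PeError> {
    if u16_at(image, 0)? != 0x5A4D { return Err(PeError::NotPe); }
    let pe_off = u32_at(image, 0x3C)? as usize;
    if u32_at(image, pe_off)? != 0x0000_4550 { return Err(PeError::NotPe); }
    let coff = pe_off + 4;
    let opt_size = u16_at(image, coff + 16)? as usize;
    let opt = coff + 20;
    let dirs = match u16_at(image, opt)? { 0x10b => 96, 0x20b => 112, _ => return Err(PeError::NotPe) };
    let num_dirs = u32_at(image, opt + dirs - 4)? as usize; // NumberOfRvaAndSizes
    if num_dirs < 5 || dirs + 5 * 8 > opt_size { return Ok(None); }
    let entry = opt + dirs + 4 * 8;
    Ok(Some((entry, u32_at(image, entry)?, u32_at(image, entry + 4)?)))
}

/// True when the image carries a non-empty Certificate Table that lies inside the buffer.
/// This only says a signature blob is attached; it does not verify the signature.
pub fn has_authenticode_signature(image: &[u8]) -> Result<bool, PeError> {
    match security_dir(image)? {
        Some((_, off, size)) if off != 0 && size != 0 => {
            let end = (off as usize).checked_add(size as usize).ok_or(PeError::Truncated)?;
            Ok(end <= image.len())
        }
        _ => Ok(false),
    }
}

/// Zero the directory entry and cut the blob off the end of the image (Authenticode blobs
/// are appended after all sections). Returns whether a signature was present, so the caller
/// can tell a real removal from a no-op on an unsigned image.
pub fn strip_signature(image: &mut Vec<u8>) -> Result<bool, PeError> {
    if !has_authenticode_signature(&image[..])? { return Ok(false); }
    let (entry, off, _size) = security_dir(&image[..])?.ok_or(PeError::NotPe)?;
    image[entry..entry + 8].fill(0);
    image.truncate(off as usize);
    Ok(true)
}

/// Constructed sample, not a real bootable binary: a header-only PE32+ image with 16 data
/// directories, optionally followed by a dummy WIN_CERTIFICATE (revision 0x0200, type 0x0002)
/// that the Certificate Table entry points at.
pub fn build_sample_pe(signed: bool) -> Vec<u8> {
    let pe_off = 0x40usize;
    let opt_size = 240usize; // PE32+ optional header including 16 directories
    let mut img = vec![0u8; pe_off + 4 + 20 + opt_size];
    img[0..2].copy_from_slice(b"MZ");
    img[0x3C..0x40].copy_from_slice(&(pe_off as u32).to_le_bytes());
    img[pe_off..pe_off + 4].copy_from_slice(b"PE\0\0");
    let coff = pe_off + 4;
    img[coff..coff + 2].copy_from_slice(&0x8664u16.to_le_bytes()); // Machine = AMD64
    img[coff + 16..coff + 18].copy_from_slice(&(opt_size as u16).to_le_bytes());
    let opt = coff + 20;
    img[opt..opt + 2].copy_from_slice(&0x20bu16.to_le_bytes()); // PE32+
    img[opt + 108..opt + 112].copy_from_slice(&16u32.to_le_bytes()); // NumberOfRvaAndSizes
    if signed {
        let cert_off = img.len() as u32;
        let payload = b"constructed-placeholder!"; // 24 bytes, so the blob stays 8-byte aligned
        let len = 8 + payload.len() as u32;
        img.extend_from_slice(&len.to_le_bytes()); // dwLength
        img.extend_from_slice(&0x0200u16.to_le_bytes()); // wRevision
        img.extend_from_slice(&0x0002u16.to_le_bytes()); // wCertificateType = PKCS#7
        img.extend_from_slice(payload);
        let entry = opt + 112 + 4 * 8;
        img[entry..entry + 4].copy_from_slice(&cert_off.to_le_bytes());
        img[entry + 4..entry + 8].copy_from_slice(&len.to_le_bytes());
    }
    img
}
```

Presence of the directory entry only means a blob is attached; whether it is a well-formed PKCS#7 signature that chains to a key the firmware trusts is a separate step outside this example, which is what the "Verifying if a PE signature is correct" item above refers to. A consumer of the in-memory image can run `has_authenticode_signature` before handing it to the signer and again afterwards, and treat "false then false" as a failed signing rather than a success.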
@nikstur (Member) commented Jan 6, 2024

It'd be awesome if you can untangle this from #278

@RaitoBezarius (Member, Author) commented:

I'd find it easier for me to keep it tangled and just rebase once 278 goes in
