1. 05 Nov, 2021 1 commit
  2. 04 Nov, 2021 2 commits
    • Kyle Rankin's avatar
      Update BG color config variable to new value · 14091a19
      Kyle Rankin authored
      14091a19
    • Kyle Rankin's avatar
      Detect added/removed files in root scan · a205818c
      Kyle Rankin authored
      Forum member Caliga made a feature request to detect not only hash
      changes, but also any time a file was added or removed, and provided a
      short snippet example to accomplish it.
      
      I used that snippet as a starting point to implement this new feature. I
      also detected and fixed an edge case in kexec-select-boot where
      re-signing files would result in /tmp/kexec/ being wiped out, which
      triggered an error in kexec-select-boot as
      /tmp/kexec/kexec_menu_list.txt was missing.
      
      With this feature, you will see both additions and removals. Additions
      will be prefaced by + and deletions by - in the resulting file list. I
      also implemented this scan before the hash check, so that it didn't
      disrupt the re-signing workflow already in place. It makes sense to
      scan, inform the user, but wait for re-signing until you also scan
      hashes.
      a205818c
  3. 27 Oct, 2021 3 commits
    • Matt Devillier's avatar
      build/build_release.sh: Add build scripts · dad4d075
      Matt Devillier authored
      
      
      Add scripts to build all Librem boards, build a full release.
      Signed-off-by: Matt Devillier's avatarMatt DeVillier <matt.devillier@puri.sm>
      dad4d075
    • Kyle Rankin's avatar
      Make root disk hashing settings configurable · 5b2b491c
      Kyle Rankin authored and Matt Devillier's avatar Matt Devillier committed
      The root device and the list of root directories to hash is a
      configurable option and this change adds hooks into the config-gui.sh
      script as well as all the librem board configs to allow a user to
      customize this setting.
      
      Additionally, add option to automatically check root hashes at boot
      
      This is an optional feature (and disabled by default) but some have
      already expressed interest in being able to automatically check the root
      filesystem hashes at each boot. This adds that feature to the config gui
      tool as well as adds a simple hook into kexec-select-boot where it scans
      boot hashes.
      
      I also added an option to pass an argument to root-hashes-gui.sh to
      perform a standalone check without enabling the full GUI.
      5b2b491c
    • Kyle Rankin's avatar
      Add Root file hash feature · f690a176
      Kyle Rankin authored and Matt Devillier's avatar Matt Devillier committed
      Currently Heads will check files in /boot for tampering before booting
      into a system. It would be nice if you could use the trusted environment
      within Heads and extend this to check files in / itself. This new script
      adds that functionality, however due to the length of time it takes to
      perform these kinds of checks, it doesn't run automatically (yet).
      
      This could be extended in the future to allow the user to hard-code the
      root device in the config gui (like they can with the /boot device) as
      well as allow the user to set/change the list of directories this
      script hashes. The plumbing for this is already there in the script
      itself, but to simplify this change I haven't added any hooks into the
      config GUI.
      
      We could also look into adding a feature later that would automatically
      check all of the hashes in / just like it does files in /boot, before
      booting into a system.
      
      To make this a bit easier to use, I added a feature to detect whether
      the hash file exists and if not, to display a more limited menu to the
      user guiding them to create the initial hash file. Otherwise it will
      display the date the file was last modified, which can be useful to
      determine how stale it is.
      f690a176
  4. 26 Oct, 2021 17 commits
  5. 22 Oct, 2021 1 commit
  6. 21 Oct, 2021 1 commit
  7. 20 Oct, 2021 1 commit
  8. 15 Oct, 2021 14 commits