Releases: osresearch/safeboot
Releases · osresearch/safeboot
Recovery signing, rollback protection, and less brittle PCRs
09da63b
This commit was signed with the committer’s verified signature.
The key has expired.
osresearch
Trammell Hudson
Lots of improved features:
- Added signed PCRs (#58)
- Predict PCR4 and PCR2 based on
sbsign --hash-only - Added TPM counters for rollback protection (#62)
- TPM unsealing PINs (#5 )
- safeboot.conf is now included in the initrd, fewer params on command line (#13 )
- Recovery boot can now sign and hash root filesystem (#65)
- Helpers for recovery boot to unlock cryptdisk, mount filesystems, etc (#56)
- No more perl in /sbin/safeboot (#56)
shellchecked
Lots of documentation updates, some helpers for read-only mounts, and a few bugs caught by shellcheck.
sip-init works
b83a7ce
This commit was signed with the committer’s verified signature.
osresearch
Trammell Hudson
This one works all the way through on a fresh install, with instructions for doing sip-init to enable the read-only root filesystem and dmverity.
Works-for-me
Initial release, works for me on a fresh Ubuntu 20.04 install on a Thinkpad.