An idea would be to have references to the latest ipxe kernel (symlinks) so that Heads could download and boot from it. Just a thought.
If those were detached signed, they could also be verified for integrity and authenticity prior to being kexec'ed into, without the need for Heads to use ipxe altogether.
Credentials could be included in cbfs from the Heads side with a menu, and passed on the kexec call by modifying the initrd, just like Heads does for TPM DUK.
Should I open a separate issue?
This would ease Heads upgrades from Dasharo, without needing much effort.
How: symlinks + detached signatures needed, with base image parsing if a credential file is passed into the cpio (Heads uses secret.key), which is valid only through the initramfs phase. Otherwise another mechanism to pass credentials would be needed somehow: do once and works. Could even be a file prompted by Heads to be injected as a user type 50 file, only to be extracted under /tmp/secrets and wiped on boot/access to recovery shell. Simple.
Heads would point to latest files for download in ram, verify, then inject cred into reconstructed cpio then kexec into it.
I can use this comment to open a referee issue if needed. I think this would be beneficial since fwupd doesn't seem to be on roadmap soon and beta testing/release would be made easy through usb tethering/rj45, easily through an option menu.
Add new menu next to: https://github.com/Dasharo/dasharo-blobs/blob/main/dasharo/dasharo.ipxe#L23
That would boot from: https://boot.dasharo.com/dts/dts-rc.ipxe where releases from develop branch land.