[systemd-devel] golang ukifier

Itxaka Serrano Garcia itxaka.garcia at spectrocloud.com
Mon Jun 24 12:29:07 UTC 2024


Hey all,

you already know us, from Kairos and bothering the list with a lot of
stupid questions lately :D

We have been using the upstream systemd-ukify for a while now as it provides a
perfect builder for uki files with measurements and signing and everything
on it, but as it's a Python package we have been having issues providing it
in our Kairos iso/uki builder as the base image that we use might not have
all deps, we may want to use ukify in a broad different OS and wanted to
have the latest version of the util everywhere and so on.

So checking out we found out that Talos had the ukify work halfway there so
we worked on it a bit, extracted it and extended it to provide any missing
functionality and now have a golang ukifier (only dependency is objcopy)
that provides a single binary to build ukis with measurements, sb signed,
signed measurements and such.

We were wondering if this is something that would interest systemd to have
it under its umbrella? We understand that the future is pcrlock and all the
measurements it brings (not only PCR11) but we think that there is still a
niche for offline pcr11 measurements in there and pcrlock is still unstable
until 257 which means that the best use case now can only use pcr11
measurements.

Anyway, too long already, just letting you folks know that if it's
something that might interest systemd we are willing to work on this with
y'all.

Cheers!