Skip to content

Make the firmware do it!
Compare
Choose a tag to compare
@gicmo gicmo released this 28 Nov 12:43
· 659 commits to master since this release
0.6
This tag was signed with the committer’s verified signature. The key has expired.
gicmo Christian Kellner
GPG key ID: 8C1679124DEC77C7
Expired
Learn about vigilant mode.
0c36feb

From the official 0.6 Release Notes:

New Features:

  • pre-boot access control list, aka. BootACL support [!119]

    • domains objects are now persistent
      • new Uid (dbus) / uid (object) property derived from the uuid of the device representing the root switch
      • sysfs and id attribute will be set/unset on connects and disconnects
      • domains are now stored in the boltd database
    • domains got the BootACL (dbus) / bootacl (object) property
      • uuids can be added, removed or set in batch
      • when domain is online: changes are written to the sysfs boot_acl attribute directly
      • when domain is offline: changes are written to a journal and then reapplied in order when the domain is connected
    • newly enrolled devices get added to all bootacls of all domains if the policy is BOLT_POLICY_AUTO
    • removed devices get deleted from all bootacls of all domains
    • boltacl domain command will show the bootacl slots and their content

  • boltctl gained the -U, --uuid option, to control how uuids are printed [!124]

Improvements and fixes:

  • Testing [!127]

    • The test coverage increased to 84.80% overall and to 90.0% for the boltd source
    • Coverage is reported for merge requests via the fedora ci image [!126]
    • boltctl is now included in the tests [!132]
    • Fedora 29 is used for the fedora ci image

  • Bugs and robustness:

    • The device state is verified in Device.Authorize [!120]
    • Handle empty 'keys' sysfs device attribute [!129]
    • Properly adjust policies when enrolling already authorized devices [!136]
    • Fix potential crasher when logging assertions g_return_if_fail [!121]
Assets 2
Loading