
Commit f9a5bc0

committed
WIP
1 parent aafe34b commit f9a5bc0


5 files changed

+28
-12
lines changed


flake.lock

Lines changed: 7 additions & 7 deletions

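--- a/flake.nix
+++ b/flake.nix
@@ -158,7 +158,7 @@
 
 nix-store-veritysetup-generator = {
 # FIXME: Move to github:tiiuae
-url = "github:avnik/nix-store-veritysetup-generator?ref=avnik/ghaf";
+url = "github:avnik/nix-store-veritysetup-generator/ghaf";
 inputs = {
 nixpkgs.follows = "nixpkgs";
 flake-parts.follows = "flake-parts";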

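--- a/modules/development/debug-tools.nix
+++ b/modules/development/debug-tools.nix
@@ -40,6 +40,9 @@ in
 
 # FSS (Forward Secure Sealing) integrity test
 fss-test
+
+# For debug complicated issues
+pkgs.strace
 ]
 ++ rmDesktopEntries [
 pkgs.htop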

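--- a/modules/partitioning/mk-manifest.py
+++ b/modules/partitioning/mk-manifest.py
@@ -1,6 +1,7 @@
 #!/usr/bin/env python3
 # SPDX-FileCopyrightText: 2022-2026 TII (SSRC) and the Ghaf contributors
 # SPDX-License-Identifier: Apache-2.0
+import hashlib
 import sys
 import json
 import os
@@ -19,6 +20,14 @@ def rename(filename, version, fragment):
 return new
 
 
+def sha256_file(path: str) -> str:
+h = hashlib.sha256()
+with open(path, "rb") as f:
+for chunk in iter(lambda: f.read(1024 * 1024), b""):
+h.update(chunk)
+return h.hexdigest()
+
+
 def main():
 if len(sys.argv) != 7:
 print(
@@ -48,15 +57,15 @@ def main():
 "root_verity_hash": root_verity_hash,
 "root": {
 "file": os.path.basename(store),
-"sha256": "fixme",
+"sha256": sha256_file(store),
 },
 "verity": {
 "file": os.path.basename(verity),
-"sha256": "fixme",
+"sha256": sha256_file(verity),
 },
 "kernel": {
 "file": os.path.basename(kernel),
-"sha256": "fixme",
+"sha256": sha256_file(kernel),
 },
 }
 manifest = json.dumps(manifest, indent=True)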
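Review bot: `sha256_file` in the second hunk has no docstring, although whoever verifies the manifest depends on exactly what it hashes; I would add `"""Return the lowercase hex SHA-256 of the file's raw bytes, read in 1 MiB chunks."""`. In the third hunk the digests are computed from the paths given on the command line while `file` records only the basename, so if the artifacts are compressed or otherwise rewritten after this script runs (not visible here) the recorded values would no longer match what is shipped. The digests also only protect against tampering if the manifest itself is signed or otherwise authenticated, which these hunks do not show. `main` starts and ends outside the hunks.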

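--- a/modules/partitioning/verity-volume.nix
+++ b/modules/partitioning/verity-volume.nix
@@ -85,9 +85,13 @@ in
 
 ghaf.graphics.boot.enable = lib.mkForce (!debugEnable); # FIXME: temporary
 
+# Show pretty name in bootloader
+system.nixos.extraOSReleaseArgs = {
+PRETTY_NAME = "Ghaf ${config.ghaf.version}"; # FIXME: Probably too global override
+};
 boot = {
 kernelParams = [
-"storehash=${roothashPlaceholder}" # See `ghaf-store-veritysetup.enable` for details
+"ghaf.storehash=${roothashPlaceholder}" # See `ghaf-store-veritysetup.enable` for details
 "systemd.verity_root_options=panic-on-corruption"
 "ghaf.revision=${config.ghaf.version}" # Help ghaf-veritysetup-generator to find root and verity volumes
 ]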
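Review bot: The rename to `ghaf.storehash=` in `kernelParams` only works if the veritysetup generator that reads the kernel command line parses the new name, and nothing in this section ties the two together. If an image pairs this command line with a generator that still looks for `storehash=`, it would presumably not find the root hash, and whether boot then fails closed or continues without verity on the store is not visible here. I would extend the trailing comment to record the dependency, e.g. `# Read by ghaf-veritysetup-generator; the parameter name must match what the pinned generator parses`. The `boot` attribute set continues past the end of the hunk.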
