The reference bootloader implementation for System Transparency

Primary language: Go. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).

stboot

Description

The stboot bootloader can be used as an init program inside an initramfs and is designed to be combined with a Linux kernel to form a LinuxBoot distribution. It is closely related to the u-root project: stboot depends on some standard Linux tool packages provided by u-root, and u-root in turn is used to create an initramfs that includes stboot.

Usage

Make sure your Go version is >=1.13 && <1.16. Make sure your GOPATH is set up correctly. Although it uses modules, stboot still vendors its dependencies to work smoothly with u-root. So if you usually work with Go modules enabled, do the following in your working directory:

mkdir go
export GO111MODULE=off
export GOPATH=${PWD}/go

Download and install u-root and stboot:

go get github.com/u-root/u-root
go get github.com/system-transparency/stboot

Build an initramfs:

./go/bin/u-root -o initramfs.cpio -uinitcmd stboot github.com/u-root/u-root/cmds/core/{init,elvish,ls} github.com/system-transparency/stboot

Your brand new initramfs.cpio should now be in your working directory.

Test your initramfs (assuming your OS kernel is at /boot/vmlinuz):

qemu-system-x86_64 -kernel /boot/vmlinuz -nographic -append "console=ttyS0,115200 uroot.uinitargs='-debug'" -initrd initramfs.cpio -m 2048 --enable-kvm

You should see something like this:

[...]
[    0.689686] Run /init as init process
2021/05/03 12:01:15 Welcome to u-root!
                              _
   _   _      _ __ ___   ___ | |_
  | | | |____| '__/ _ \ / _ \| __|
  | |_| |____| | | (_) | (_) | |_
   \__,_|    |_|  \___/ \___/ \__|

init: 2021/05/03 12:01:15 no modules found matching '/lib/modules/*.ko'
stboot: 
  _____ _______   _____   ____   ____________
 / ____|__   __|  |  _ \ / __ \ / __ \__   __|
| (___    | |     | |_) | |  | | |  | | | |   
 \___ \   | |     |  _ <| |  | | |  | | | |   
 ____) |  | |     | |_) | |__| | |__| | | |   
|_____/   |_|     |____/ \____/ \____/  |_|   

recovery: load security config: read file: open /etc/security_configuration.json: no such file or directory

As long as you can see the stboot banner, everything is fine. The program will exit with an error because of missing configuration data. See https://github.com/system-transparency/system-transparency for details on how to set up System Transparency.
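
The archive can also be inspected before booting it. The following is an added example, not code from the stboot or u-root projects: a small parser for the newc cpio format (the format the kernel unpacks as an initramfs) that reports whether /init, the stboot command and the /etc/security_configuration.json file named in the error above are present. The function names and the sample archive layout are assumptions made for illustration.

```python
MAGIC = b"070701"   # newc magic; the kernel unpacks newc-format initramfs archives
HDR_LEN = 110       # 6-byte magic + 13 fields of 8 hex digits each

def pad4(n):
    """Bytes needed to reach the next 4-byte boundary."""
    return (4 - n % 4) % 4

def list_newc(data):
    """Return {path: (mode, size)} for each entry before the trailer."""
    entries, off = {}, 0
    while off + HDR_LEN <= len(data):
        hdr = data[off:off + HDR_LEN]
        if hdr[:6] != MAGIC:
            raise ValueError(f"bad cpio magic at offset {off}")
        f = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = f[1], f[6], f[11]
        start = off + HDR_LEN
        name = data[start:start + namesize - 1].decode()  # drop trailing NUL
        if name == "TRAILER!!!":
            break
        body = start + namesize + pad4(start + namesize)
        name = name[2:] if name.startswith("./") else name.lstrip("/")
        entries[name] = (mode, filesize)
        off = body + filesize + pad4(body + filesize)
    return entries

def check_initramfs(data, uinit="stboot",
                    config="etc/security_configuration.json"):
    """Report whether /init, the uinit command and the config are present."""
    entries = list_newc(data)
    basenames = {p.rsplit("/", 1)[-1] for p in entries}
    return {"init": "init" in entries,
            "uinit": uinit in basenames,
            "security_config": config in entries}

def make_entry(name, mode, content=b""):
    """Build one newc entry (used only for the constructed sample below)."""
    n = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(content), 0, 0, 0, 0, len(n), 0]
    out = MAGIC + b"".join(b"%08X" % v for v in fields) + n
    out += b"\0" * pad4(len(out)) + content
    return out + b"\0" * pad4(len(out))

# Constructed sample archive; the layout is an assumption, not real u-root output.
SAMPLE = b"".join([
    make_entry("init", 0o120777, b"bbin/init"),
    make_entry("bbin/stboot", 0o100755, b"\x7fELF"),
    make_entry("TRAILER!!!", 0),
])

if __name__ == "__main__":
    print(check_initramfs(SAMPLE))
```

To check a real build, pass the bytes of an uncompressed initramfs.cpio to check_initramfs; a False value for security_config corresponds to the recovery error shown in the boot log above.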