They propose modernizing the Linux boot process

Trusted Boot

The new Linux boot process is meant to work better in the future, with a focus on robustness and simplicity.

Lennart Poettering (the creator of systemd) recently published a proposal to modernize the boot process of Linux distributions, with the aim of solving existing problems and simplifying the organization of a fully verified boot that confirms the authenticity of the kernel and the underlying system environment.

The proposed changes boil down to creating a single universal UKI image (Unified Kernel Image) that combines the Linux kernel image, the handler for loading the kernel from UEFI (UEFI boot stub), and the initrd system environment loaded into memory, which is used for initial initialization at the stage before the root FS is mounted.

Instead of an initrd ramdisk image, the entire system can be packaged into the UKI, which makes it possible to create fully verified system environments that are loaded into RAM. The UKI image is packaged as an executable file in PE format, which can not only be loaded by traditional bootloaders but can also be called directly from the UEFI firmware.

The ability to call the image from UEFI makes it possible to use a digital signature validity and integrity check that covers not only the kernel but also the contents of the initrd. At the same time, support for calls from traditional bootloaders makes it possible to keep features such as shipping multiple kernel versions and automatic rollback to a working kernel if problems with the new kernel are detected after the latest version is installed.

Currently, most Linux distributions use the chain "firmware → shim layer digitally signed by Microsoft → GRUB boot loader digitally signed by the distribution → Linux kernel digitally signed by the distribution → unsigned initrd environment → root FS" in the boot process. The lack of initrd verification in traditional distributions creates security problems, since, among other things, this environment retrieves the keys for decrypting the root FS.

Verification of the initrd image is not supported, since this file is generated on the local system and cannot be certified with a digital signature, which makes it very difficult to organize verification when using SecureBoot mode (to verify the initrd, the user has to generate their own keys and load them into the UEFI firmware).

In addition, the existing boot organization does not allow information from the TPM PCR registers (Platform Configuration Register) to be used to control the integrity of user-space components other than shim, grub, and the kernel. Among the existing problems, the proposal also mentions the complexity of updating the bootloader and the inability to restrict access to keys in the TPM for old versions of the operating system that have become irrelevant after an update is installed.

The main goals of implementing the new boot architecture:

  • Provide a fully verified boot process that covers all stages from the firmware to user space and confirms the validity and integrity of the loaded components.
  • Binding of controlled resources to TPM PCR registers, with separation by owner.
  • The ability to precompute PCR values based on the kernel boot, initrd, configuration, and local system ID.
  • Protection against rollback attacks associated with reverting to a previous vulnerable version of the system.
  • Simplify updates and improve their reliability.
  • Support for OS upgrades that do not require re-applying or locally provisioning TPM-protected resources.
  • Readiness of the system for attestation that confirms the correctness of the operating system and boot configuration.
  • The ability to bind sensitive data to particular boot stages, for example by retrieving the encryption keys for the root FS from the TPM.
  • Provide a secure, automatic, and silent process for unlocking the keys used to decrypt a drive that holds the root partition.
  • The use of chips that support the TPM 2.0 specification, with the ability to fall back to systems without a TPM.

The changes needed to implement the new architecture are already included in the systemd codebase and affect components such as systemd-stub, systemd-measure, systemd-cryptenroll, systemd-cryptsetup, systemd-pcrphase, and systemd-creds.
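
The PCR precomputation goal in the list above can be illustrated with a simplified model (an added example, not code from systemd or from the original article): it replays TPM-style extend operations over constructed kernel, initrd and command-line bytes, showing that the expected value can be computed at build time and that a changed or reordered component yields a different value. The component names, the sample bytes and the choice to measure each name before its content are assumptions of this sketch.

```python
import hashlib
import hmac

PCR_SIZE = 32  # size of one register in the SHA-256 PCR bank


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM-style extend: new = SHA256(old || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def predict_pcr(components) -> bytes:
    """Replay the measurement of each (name, content) pair, in order.

    Measuring the name as well as the content is a modelling choice of
    this sketch, so that moving bytes between components changes the result.
    """
    pcr = bytes(PCR_SIZE)  # the register starts as all zeros after reset
    for name, content in components:
        pcr = pcr_extend(pcr, name.encode() + b"\0")
        pcr = pcr_extend(pcr, content)
    return pcr


def boot_matches_policy(measured, expected_pcr: bytes) -> bool:
    """A secret bound to expected_pcr is released only on an exact match."""
    return hmac.compare_digest(predict_pcr(measured), expected_pcr)


# Constructed sample image: (hypothetical component name, placeholder bytes).
UKI = [
    ("kernel", b"vmlinuz-demo-bytes"),
    ("initrd", b"initrd-demo-bytes"),
    ("cmdline", b"root=/dev/mapper/root ro"),
]

# Computed offline at image build time; no TPM is needed for this step.
EXPECTED = predict_pcr(UKI)


def with_modified_initrd(image):
    """Return a copy of the image whose initrd content was altered."""
    return [(n, c + b" (modified)" if n == "initrd" else c) for n, c in image]


if __name__ == "__main__":
    print("expected PCR :", EXPECTED.hex())
    print("clean boot   :", boot_matches_policy(UKI, EXPECTED))
    print("initrd edited:", boot_matches_policy(with_modified_initrd(UKI), EXPECTED))
    print("reordered    :", boot_matches_policy(UKI[::-1], EXPECTED))
```

Because extend is a one-way chain, a later measurement cannot undo an earlier one, which is why the order of components matters as much as their content.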

Finally, if you are interested in learning more about it, you can check the details at the following link.



  1.   luix said

    More garbage from lennart..