A proposal to modernize the Linux boot process

Trusted Boot

The new Linux boot is meant to hold up well in the future by focusing on robustness and simplicity.

Lennart Poettering (the creator of systemd) recently unveiled a proposal to modernize the boot process of Linux distributions. Its aim is to solve existing problems and to simplify the organization of a fully verified boot that confirms the authenticity of the kernel and of the underlying system environment.

The proposed changes come down to creating a single universal UKI image (Unified Kernel Image) that combines the Linux kernel image, the handler for loading the kernel from UEFI (UEFI boot stub), and the initrd system environment that is loaded into memory and used for initial initialization at the stage before the root FS is mounted.

Instead of an initrd ramdisk image, the entire system can be packaged in the UKI, which allows the creation of fully verified system environments that are loaded into RAM. The UKI image is packaged as an executable file in PE format, which can not only be loaded by traditional bootloaders but can also be called directly from the UEFI firmware.

Being callable from UEFI allows the use of digital signature verification and an integrity check that covers not only the kernel but also the contents of the initrd. At the same time, support for calls from traditional bootloaders preserves features such as shipping multiple kernel versions and automatically rolling back to a working kernel if problems with the new kernel are detected after installing the latest update.
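The PE packaging described above can be inspected with a short section-table parser; this is an added example, not code from the proposal or from systemd. The sample image is constructed and not bootable, the function names are hypothetical, and `.linux`, `.initrd` and `.cmdline` are the section names systemd-stub reads.

```python
import hashlib
import struct

def build_sample_uki(sections):
    """Constructed, non-bootable PE skeleton: headers, section table, raw data."""
    e_lfanew = 0x40
    data_off = e_lfanew + 24 + 40 * len(sections)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0)
    table, blob = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), 0,
                             len(data), data_off + len(blob), 0, 0, 0, 0, 0)
        blob += data
    return dos + b"PE\0\0" + coff + table + blob

def list_pe_sections(image):
    """Walk the PE section table and return {name: raw section bytes}."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ magic")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    found = {}
    for i in range(count):
        name, vsize, _, rawsize, rawptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        size = min(vsize, rawsize)            # raw data may be padded past the real size
        if rawptr + size > len(image):
            raise ValueError("section data runs past end of file")
        found[name.rstrip(b"\0").decode("ascii")] = image[rawptr:rawptr + size]
    return found

def section_digests(image):
    """SHA-256 per section, to show what a signature over the file covers."""
    return {n: hashlib.sha256(d).hexdigest() for n, d in list_pe_sections(image).items()}

# Constructed sample contents; real sections hold the kernel, initrd and command line.
SAMPLE_UKI = build_sample_uki([
    (".linux", b"constructed-kernel-bytes"),
    (".initrd", b"constructed-initrd-bytes"),
    (".cmdline", b"root=/dev/mapper/root ro"),
])

if __name__ == "__main__":
    for name, digest in section_digests(SAMPLE_UKI).items():
        print(f"{name:10} {digest}")
```

Because the kernel, initrd and command line are sections of one file, a single signature over that file covers all three.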

Currently, most Linux distributions use the chain "firmware → digitally signed Microsoft shim layer → distribution-signed GRUB bootloader → distribution-signed Linux kernel → unsigned initrd environment → root FS" in the boot process. The lack of an initrd check in traditional distributions creates security problems because, among other things, this environment retrieves the keys used to decrypt the root FS.

Verification of the initrd image is not supported, since this file is generated on the user's local system and cannot be certified by the distribution's digital signature. This makes it difficult to organize verification when using SecureBoot mode (to verify the initrd, users have to generate their own keys and load them into the UEFI firmware).

In addition, the existing boot organization does not allow information from the TPM PCR (Platform Configuration Register) registers to be used to control the integrity of user-space components other than shim, GRUB, and the kernel. Among the existing problems, the proposal also mentions the complexity of updating the bootloader and the inability to restrict access to keys in the TPM for older versions of the operating system that have become irrelevant after an update is installed.

The main goals of implementing the new boot architecture:

  • Provide a fully verified boot process that covers all stages from the firmware to user space and confirms the validity and integrity of the loaded components.
  • Bind controlled resources to TPM PCR registers, separated by owner.
  • Make it possible to pre-calculate PCR values based on the kernel boot, initrd, configuration, and local system ID.
  • Protect against rollback attacks associated with reverting to a previous vulnerable version of the system.
  • Simplify updates and improve their reliability.
  • Support OS updates that do not require re-applying or locally provisioning TPM-protected resources.
  • Prepare the system for remote attestation to confirm the correctness of the operating system and boot configuration.
  • Make it possible to attach sensitive data to certain boot stages, for example by extracting the encryption keys for the root FS from the TPM.
  • Provide a secure, automatic, and silent process for unlocking the keys used to decrypt a drive containing the root partition.
  • Use chips that support the TPM 2.0 specification, with the ability to fall back to systems without a TPM.
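The goals of pre-calculating PCR values, binding the root FS key to boot stages, and resisting rollback can be shown with a small model; this is an added example, not systemd code. `predict_pcr`, `seal` and `unseal` are hypothetical names, the sealing is a plain-Python stand-in for a TPM policy, and the label-then-content measurement order and all component bytes are assumptions constructed for the illustration.

```python
import hashlib
import hmac

def extend(pcr, event):
    """TPM 2.0 extend on a SHA-256 bank: new = SHA256(old || SHA256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def predict_pcr(measurements):
    """Replay the measurement sequence offline, from the all-zero reset value."""
    pcr = bytes(32)
    for name, content in measurements:
        pcr = extend(pcr, name.encode() + b"\0")  # assumption: label measured first
        pcr = extend(pcr, content)
    return pcr

def seal(secret, expected_pcr):
    """Toy stand-in for a TPM policy: the secret is bound to one PCR value."""
    return {"policy_pcr": expected_pcr, "secret": secret}

def unseal(sealed, current_pcr):
    """Release the secret only when the live PCR matches the sealed policy."""
    if hmac.compare_digest(sealed["policy_pcr"], current_pcr):
        return sealed["secret"]
    return None

# Constructed boot components (placeholders for real kernel/initrd/cmdline bytes).
CMDLINE = ("cmdline", b"root=/dev/mapper/root ro")
GOOD_BOOT = [("kernel", b"kernel-v2"), ("initrd", b"initrd-v2"), CMDLINE]
TAMPERED_BOOT = [("kernel", b"kernel-v2"), ("initrd", b"initrd-v2-modified"), CMDLINE]
OLD_BOOT = [("kernel", b"kernel-v1"), ("initrd", b"initrd-v1"), CMDLINE]

# The expected value is computed ahead of time, before the image is ever booted.
DISK_KEY_BLOB = seal(b"constructed-volume-key", predict_pcr(GOOD_BOOT))

def try_boot(measurements):
    """Return the volume key if this boot's measurements satisfy the policy."""
    return unseal(DISK_KEY_BLOB, predict_pcr(measurements))

if __name__ == "__main__":
    for label, boot in [("good", GOOD_BOOT), ("tampered initrd", TAMPERED_BOOT),
                        ("rolled back", OLD_BOOT)]:
        print(f"{label:16} key released: {try_boot(boot) is not None}")
```

Only the boot whose measurements match the pre-calculated value gets the key; a modified initrd or an older kernel yields a different PCR value and the key stays sealed.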

The changes needed to implement the new architecture are already included in the systemd codebase and affect components such as systemd-stub, systemd-measure, systemd-cryptenroll, systemd-cryptsetup, systemd-pcrphase, and systemd-creds.

Finally, if you are interested in learning more about it, you can check the details at the following link.



  1.   luyo said

    More garbage from lennart..