Proposal to modernize the Linux boot process

Trusted Boot

The new Linux boot will work well into the future, with a focus on robustness and simplicity.

Lennart Poettering (the creator of systemd) recently announced a proposal to modernize the boot process of Linux distributions, with the aim of solving existing problems and simplifying the organization of a full verified boot that confirms the authenticity of the kernel and the underlying system environment.

The proposed changes come down to the creation of a single universal UKI (Unified Kernel Image) that combines the Linux kernel image, the handler for loading the kernel from UEFI (UEFI boot stub) and the initrd system environment loaded into memory, which is used for initial initialization at the stage before the FS is mounted.

Instead of an initrd ramdisk image, the whole system can be packed into the UKI, which allows the creation of fully verified system environments that are loaded into RAM. The UKI image is packaged as an executable file in PE format, which can be loaded not only by traditional bootloaders but can also be called directly from the UEFI firmware.

The ability to be called from UEFI allows the use of a digital signature validity and integrity check that covers not only the kernel but also the contents of the initrd. At the same time, support for calls from traditional bootloaders preserves features such as delivering multiple kernel versions and automatic rollback to a working kernel if problems with the new kernel are detected after installing an update.

Currently, most Linux distributions use the chain "firmware → digitally signed Microsoft shim layer → distribution-signed GRUB bootloader → distribution-signed Linux kernel → unsigned initrd environment → root FS" in the boot process. The lack of initrd verification in traditional distributions creates security problems, since, among other things, this environment extracts the keys used to decrypt the root FS.

Verification of the initrd image is not supported, since this file is generated on the user's local system and cannot be certified by the distribution's digital signature, which makes it very difficult to organize verification when using SecureBoot mode (to verify the initrd, the user needs to generate their own keys and load them into the UEFI firmware).

In addition, the existing boot organization does not allow information from the TPM PCR (Platform Configuration Register) registers to be used to control the integrity of userspace components other than shim, grub, and the kernel. Among the existing problems, the complexity of updating the bootloader and the inability to restrict access to keys in the TPM for older versions of the operating system that have become irrelevant after installing an update are also mentioned.

The main goals of implementing the new boot architecture:

  • Provide a fully verified boot process that covers all stages from the firmware to user space and confirms the validity and integrity of the loaded components.
  • Binding of controlled resources to TPM PCR registers, separated by owner.
  • Ability to precompute PCR values based on the kernel boot, initrd, configuration, and local system ID.
  • Protection against rollback attacks associated with reverting to a previous vulnerable version of the system.
  • Simplify and improve the reliability of updates.
  • Support for OS upgrades that do not require re-application or local provisioning of TPM-protected resources.
  • Readiness of the system for remote attestation to confirm the correctness of the operating system and boot configuration.
  • Ability to attach sensitive data to certain boot stages, for example by extracting the encryption keys for the root FS from the TPM.
  • Provide a secure, automatic and silent process for unlocking keys to decrypt a drive with a root partition.
  • Use of chips that support the TPM 2.0 specification, with the ability to fall back to systems without a TPM.
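The goals of precomputing PCR values and binding the root FS key to them can be modelled in a few lines. The following is an added example, not code from the original article or from systemd: it replays TPM extend operations over constructed kernel, initrd and command-line blobs, and shows that a modified initrd no longer matches the policy the key was bound to. The component names, the measurement order and the `unseal` helper are assumptions of this sketch.

```python
import hashlib
import hmac

def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM extend: new = H(old || H(data)). A PCR can be extended, never set."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def precompute_pcr(components) -> bytes:
    """Replay the measurements in boot order from the all-zero reset value."""
    pcr = bytes(32)  # SHA-256 bank
    for name, blob in components:
        # Assumption of this sketch: measure the name before the content, so
        # components cannot be swapped or merged without changing the result.
        pcr = extend(pcr, name.encode() + b"\0")
        pcr = extend(pcr, blob)
    return pcr

def unseal(policy_pcr: bytes, live_pcr: bytes, secret: bytes):
    """Model of a PCR-bound secret: released only when the live PCR matches."""
    return secret if hmac.compare_digest(policy_pcr, live_pcr) else None

# Constructed sample data, not real boot artifacts.
SIGNED_IMAGE = [
    ("kernel", b"constructed kernel bytes"),
    ("initrd", b"constructed initrd: unlock root, switch_root"),
    ("cmdline", b"root=/dev/mapper/root ro"),
]
TAMPERED_IMAGE = [
    SIGNED_IMAGE[0],
    ("initrd", b"constructed initrd: unlock root, copy key, switch_root"),
    SIGNED_IMAGE[2],
]
DISK_KEY = b"constructed-root-fs-key"

def demo() -> dict:
    # The policy is computed ahead of time, at image build time.
    policy = precompute_pcr(SIGNED_IMAGE)
    return {
        "good_boot": unseal(policy, precompute_pcr(SIGNED_IMAGE), DISK_KEY),
        "tampered_boot": unseal(policy, precompute_pcr(TAMPERED_IMAGE), DISK_KEY),
    }

if __name__ == "__main__":
    print(demo())
```

Because the expected value depends only on the image contents, it can be calculated where the image is built and shipped with it, which is what makes binding a key to a boot state practical across updates.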

The changes needed to implement the new architecture are already included in the systemd codebase and affect components such as systemd-stub, systemd-measure, systemd-cryptenroll, systemd-cryptsetup, systemd-pcrphase, and systemd-creds.

Finally, if you are interested in knowing more about it, you can check the details at the following link.



  1.   luix said

    A lot of garbage from lennart..