Generate checksums and a backup for /boot, MBR and BIOS.
Go to file
tastytea 775b854cd1
All checks were successful
continuous-integration/drone/push Build is passing
Add info on how to fetch autosign key.
2019-11-20 04:45:21 +01:00
hooks Moved kernel-hook to hooks/kernel-postinst. 2019-06-20 14:30:57 +02:00
init Updated SysVinit script. 2019-03-29 23:51:15 +01:00
.drone.yml Install shellcheck from buster. 2019-06-20 20:54:52 +02:00
.gitignore Added manpage. 2019-02-24 15:29:11 +01:00
build_manpage.sh Added manpage. 2019-02-24 15:29:11 +01:00
hashboot Fixed bugs I introduced while fixing warnings. :-D 2019-06-21 03:30:57 +02:00
hashboot.1.adoc Got rid of table in manpage. 2019-04-12 19:52:41 +02:00
LICENSE Typo. 2019-03-29 23:19:08 +01:00
README.md Add info on how to fetch autosign key. 2019-11-20 04:45:21 +01:00

hashboot hashes all files in /boot and the MBR to check them during early boot. It is intended for when you have encrypted the root partition but not the boot partition. The checksums and a backup of the contents of /boot are stored in /var/lib/hashboot by default. If a checksum doesn't match, you have the option to restore the file from backup.

If there is a core- or libreboot BIOS and flashrom installed, hashboot can check the BIOS for modifications too.

We moved our code to schlomp.space but we keep the GitHub-repo as a mirror.

Install

Packages

Void Linux

xbps-install -S hashboot

Gentoo Linux

Ebuilds are available via the tastytea repository.

emerge -a sys-apps/hashboot
rc-update add hashboot boot

Arch Linux

Use the package from AUR.

Manual

Any distro

The releases on schlomp.space are PGP-signed. The key-ID is F7301ADFC9ED262448C42B64242E5AC4DA587BF9 (242E5AC4DA587BF9). You can fetch it with gpg --locate-key autosign@tastytea.de.

  • Make hashboot executable
  • Place hashboot anywhere in ${PATH}
  • Install the appropriate init script
  • If applicable, copy hooks/kernel-postinst to /etc/kernel/post{inst,rm}.d/zzz-hashboot (make sure it is called after all other hooks)
  • To generate the manpage, install asciidoc and run build_manpage.sh.

Usage

  • First run creates a configuration file. Select the desired checkroutines
  • Run hashboot index to generate checksums and a backup for /boot and MBR
  • Run hashboot check to check /boot and MBR
  • Run hashboot recover to replace corrupted files with the backup

Notes

  • You can't use the openrc/sysv init scripts with parallel boot.
  • The systemd and SysVinit init scripts have not been tested in a while, but will probably work.

License

"THE HUG-WARE LICENSE" (Revision 2):
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
As long as you retain this notice you can do whatever you want with this.
If we meet some day, and you think this is nice, you can give us a hug.