Generate checksums and a backup for /boot, MBR and BIOS.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tastytea 775b854cd1
Add info on how to fetch autosign key.
3 weeks ago
hooks Moved kernel-hook to hooks/kernel-postinst. 5 months ago
init Updated SysVinit script. 8 months ago
.drone.yml Install shellcheck from buster. 5 months ago
.gitignore Added manpage. 9 months ago
LICENSE Typo. 8 months ago
README.md Add info on how to fetch autosign key. 3 weeks ago
build_manpage.sh Added manpage. 9 months ago
hashboot Fixed bugs I introduced while fixing warnings. :-D 5 months ago
hashboot.1.adoc Got rid of table in manpage. 8 months ago

README.md

hashboot hashes all files in /boot and the MBR to check them during early
boot. It is intended for when you have encrypted the root partition but not the
boot partition. The checksums and a backup of the contents of /boot are stored
in /var/lib/hashboot by default. If a checksum doesn’t match, you have the
option to restore the file from backup.

If there is a core- or libreboot BIOS and flashrom
installed, hashboot can check the BIOS for modifications too.

We moved our code to
schlomp.space but we keep the
GitHub-repo as a mirror.

Install

Packages

Void Linux

xbps-install -S hashboot

Gentoo Linux

Ebuilds are available via the
tastytea repository.

emerge -a sys-apps/hashboot
rc-update add hashboot boot

Arch Linux

Use the package from AUR.

Manual

Any distro

The releases on
schlomp.space are
PGP-signed. The key-ID is F7301ADFC9ED262448C42B64242E5AC4DA587BF9
(242E5AC4DA587BF9). You can fetch it with gpg --locate-key autosign@tastytea.de.

  • Make hashboot executable
  • Place hashboot anywhere in ${PATH}
  • Install the appropriate init script
  • If applicable, copy hooks/kernel-postinst to /etc/kernel/post{inst,rm}.d/zzz-hashboot
    (make sure it is called after all other hooks)
  • To generate the manpage, install asciidoc and run
    build_manpage.sh.

Usage

  • First run creates a configuration file. Select the desired checkroutines
  • Run hashboot index to generate checksums and a backup for /boot and MBR
  • Run hashboot check to check /boot and MBR
  • Run hashboot recover to replace corrupted files with the backup

Notes

  • You can’t use the openrc/sysv init scripts with parallel boot.
  • The systemd and SysVinit init scripts have not been tested in a while, but
    will probably work.

License

"THE HUG-WARE LICENSE" (Revision 2):
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
As long as you retain this notice you can do whatever you want with this.
If we meet some day, and you think this is nice, you can give us a hug.