Generate checksums and a backup for /boot, MBR and BIOS.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
tastytea 775b854cd1
Add info on how to fetch autosign key.
4 months ago
hooks Moved kernel-hook to hooks/kernel-postinst. 9 months ago
init Updated SysVinit script. 1 year ago
.drone.yml Install shellcheck from buster. 9 months ago
.gitignore Added manpage. 1 year ago
LICENSE Typo. 1 year ago
README.md Add info on how to fetch autosign key. 4 months ago
build_manpage.sh Added manpage. 1 year ago
hashboot Fixed bugs I introduced while fixing warnings. :-D 9 months ago
hashboot.1.adoc Got rid of table in manpage. 11 months ago

README.md

hashboot hashes all files in /boot and the MBR to check them during early boot. It is intended for when you have encrypted the root partition but not the boot partition. The checksums and a backup of the contents of /boot are stored in /var/lib/hashboot by default. If a checksum doesn’t match, you have the option to restore the file from backup.

If there is a core- or libreboot BIOS and flashrom installed, hashboot can check the BIOS for modifications too.

We moved our code to schlomp.space but we keep the GitHub-repo as a mirror.

Install

Packages

Void Linux

xbps-install -S hashboot

Gentoo Linux

Ebuilds are available via the tastytea repository.

emerge -a sys-apps/hashboot
rc-update add hashboot boot

Arch Linux

Use the package from AUR.

Manual

Any distro

The releases on schlomp.space are PGP-signed. The key-ID is F7301ADFC9ED262448C42B64242E5AC4DA587BF9 (242E5AC4DA587BF9). You can fetch it with gpg --locate-key autosign@tastytea.de.

  • Make hashboot executable
  • Place hashboot anywhere in ${PATH}
  • Install the appropriate init script
  • If applicable, copy hooks/kernel-postinst to /etc/kernel/post{inst,rm}.d/zzz-hashboot (make sure it is called after all other hooks)
  • To generate the manpage, install asciidoc and run build_manpage.sh.

Usage

  • First run creates a configuration file. Select the desired checkroutines
  • Run hashboot index to generate checksums and a backup for /boot and MBR
  • Run hashboot check to check /boot and MBR
  • Run hashboot recover to replace corrupted files with the backup

Notes

  • You can’t use the openrc/sysv init scripts with parallel boot.
  • The systemd and SysVinit init scripts have not been tested in a while, but will probably work.

License

"THE HUG-WARE LICENSE" (Revision 2):
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
As long as you retain this notice you can do whatever you want with this.
If we meet some day, and you think this is nice, you can give us a hug.