hashboot/README.md

**hashboot** hashes all files in `/boot` and the MBR to check them during early
boot. It is intended for when you have encrypted the root partition but not the
boot partition. The checksums and a backup of the contents of `/boot` are stored
in `/var/lib/hashboot` by default. If a checksum doesn't match, you have the
option to restore the file from backup.

If there is a core- or libreboot BIOS and [flashrom](https://flashrom.org/)
installed, **hashboot** can check the BIOS for modifications too.

# Install

## Packages

### Void Linux

``` shellsession
xbps-install -S hashboot
```

### Gentoo

Ebuilds are available via the
[tastytea repository](https://schlomp.space/tastytea/overlay).

## Manual

* Make hashboot executable
* Place hashboot anywhere in ${PATH}
* Install the appropriate init script
* If applicable, copy kernel-hook to /etc/kernel/post{inst,rm}.d/zzz-hashboot
(make sure it is called after all other hooks)
* To generate the manpage, install [asciidoc](http://asciidoc.org/) and run
`build_manpage.sh`.

# Usage

* First run creates a configuration file. Select the desired checkroutines
* Run `hashboot index` to generate checksums and a backup for /boot and MBR
* Run `hashboot check` to check /boot and MBR
* Run `hashboot recover` to replace corrupted files with the backup

# Notes

* You can't use the openrc/sysv init scripts with parallel boot.
* The systemd and SysVinit init scripts have not been tested in a while, but
will probably work.

# License

```PLAIN
"THE HUG-WARE LICENSE" (Revision 2):
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
As long as you retain this notice you can do whatever you want with this.
If we meet some day, and you think this is nice, you can give us a hug.
```
Mention MBR in description. 2019-02-24 13:06:10 +01:00			hashboot hashes all files in `/boot` and the MBR to check them during early
			`boot. It is intended for when you have encrypted the root partition but not the`
			boot partition. The checksums and a backup of the contents of `/boot` are stored
			in `/var/lib/hashboot` by default. If a checksum doesn't match, you have the
			`option to restore the file from backup.`
Umm… test? 2015-10-17 23:45:49 +02:00
Edited README, aesthetically. 2019-03-29 23:08:03 +01:00			`If there is a core- or libreboot BIOS and [flashrom](https://flashrom.org/)`
			`installed, hashboot can check the BIOS for modifications too.`
Update README.md 2019-02-24 14:25:57 +01:00
Introducing README.md 2015-10-17 23:23:50 +02:00			`# Install`
Cleaned up documentation, deleted ebuild. 2019-02-24 12:29:59 +01:00
Added installation instructions for Void and Gentoo. 2019-03-29 23:16:46 +01:00			`## Packages`

			`### Void Linux`

			``` shellsession
			`xbps-install -S hashboot`
			```

			`### Gentoo`

			`Ebuilds are available via the`
			`[tastytea repository](https://schlomp.space/tastytea/overlay).`

			`## Manual`

More readme updates 2015-10-18 00:03:22 +02:00			`* Make hashboot executable`
Edited README, aesthetically. 2019-03-29 23:08:03 +01:00			`* Place hashboot anywhere in ${PATH}`
Introducing README.md 2015-10-17 23:23:50 +02:00			`* Install the appropriate init script`
Edited README, aesthetically. 2019-03-29 23:08:03 +01:00			`* If applicable, copy kernel-hook to /etc/kernel/post{inst,rm}.d/zzz-hashboot`
			`(make sure it is called after all other hooks)`
			`* To generate the manpage, install [asciidoc](http://asciidoc.org/) and run`
			`build_manpage.sh`.
Introducing README.md 2015-10-17 23:23:50 +02:00
			`# Usage`
Edited README, aesthetically. 2019-03-29 23:08:03 +01:00
			`* First run creates a configuration file. Select the desired checkroutines`
			* Run `hashboot index` to generate checksums and a backup for /boot and MBR
			* Run `hashboot check` to check /boot and MBR
			* Run `hashboot recover` to replace corrupted files with the backup
Introducing README.md 2015-10-17 23:23:50 +02:00
			`# Notes`
Cleaned up documentation, deleted ebuild. 2019-02-24 12:29:59 +01:00
Readme-updates 2015-10-17 23:57:38 +02:00			`* You can't use the openrc/sysv init scripts with parallel boot.`
Added note about untested init scripts. 2019-03-29 23:54:42 +01:00			`* The systemd and SysVinit init scripts have not been tested in a while, but`
			`will probably work.`
Cleaned up documentation, deleted ebuild. 2019-02-24 12:29:59 +01:00
			`# License`

			```PLAIN
addition 2019-02-24 15:30:04 +01:00			`"THE HUG-WARE LICENSE" (Revision 2):`
			`teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.`
Edited README, aesthetically. 2019-03-29 23:08:03 +01:00			`As long as you retain this notice you can do whatever you want with this.`
addition 2019-02-24 15:30:04 +01:00			`If we meet some day, and you think this is nice, you can give us a hug.`
Cleaned up documentation, deleted ebuild. 2019-02-24 12:29:59 +01:00			```