Decrypt ospkg (!241) · Merge requests · system-transparency / core / stboot

erikhagopian requested to merge erikhagopian/stboot:decrypt-ospkg into main Dec 17, 2024

Adds support for decrypting an OS package which has been encrypted by the "age" (https://github.com/FiloSottile/age) encryption tool, by using "age" as a new, direct dependency.

The feature is enabled if the "/etc/trust_policy/decryption_identities.txt" file exists in the initramfs. The file is used as an "age" identity to decrypt the OS package, unless it is the provisioning OS package.

Decrypt ospkg

Merge request reports