Decrypt ospkg

Merged erikhagopian requested to merge erikhagopian/stboot:decrypt-ospkg into main

Implementation for "Proposal to add support for decrypting an OS package" (2024-12-17-decrypt-ospkg.md).

Add support for decrypting an OS package, including its associated descriptor, which has been encrypted by the "age" (https://github.com/FiloSottile/age) encryption tool, by using "age" as a new, direct dependency. Decryption is applied on the descriptor and the OS package archive, directly after fetching them, producing new and unencrypted archives that can be processed as usual.

The feature can be considered as an additional layer of transport encryption and applies only to OS packages and descriptors that are fetched over the network.

Add support for providing an "age" identity file using the X25519 recipient type format (https://github.com/C2SP/C2SP/blob/main/age.md#the-x25519-recipient-type) with file name /etc/trust_policy/decryption_identities in the initramfs to enable the feature.

Edited by erikhagopian
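
A fetched descriptor or archive can be checked for the age v1 header and an X25519 recipient stanza before any decryption is attempted. The sketch below is an added example using only the Go standard library; it is not code from this merge request or from stboot. `StanzaTypes` and `sampleHeader` are hypothetical names, and the sample input is constructed.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
)

// sampleHeader is constructed for this example: the share, wrapped key and
// MAC are placeholders, not real key material, so it would not decrypt.
const sampleHeader = "age-encryption.org/v1\n" +
	"-> X25519 CONSTRUCTED-EPHEMERAL-SHARE\n" +
	"CONSTRUCTED-WRAPPED-FILE-KEY\n" +
	"--- CONSTRUCTED-HEADER-MAC\n" +
	"payload bytes follow"

// StanzaTypes reads the textual header of an age v1 file and returns the type
// of each recipient stanza. It stops at the "---" MAC line, before the payload.
func StanzaTypes(r io.Reader) ([]string, error) {
	br := bufio.NewReader(io.LimitReader(r, 64<<10)) // bound the header size
	line, err := br.ReadString('\n')
	if err != nil || line != "age-encryption.org/v1\n" {
		return nil, errors.New("not an age v1 file")
	}
	var types []string
	for {
		if line, err = br.ReadString('\n'); err != nil {
			return nil, errors.New("truncated age header")
		}
		switch {
		case strings.HasPrefix(line, "--- "): // header MAC line ends the header
			return types, nil
		case strings.HasPrefix(line, "-> "): // stanza line: "-> type args..."
			fields := strings.Fields(line[3:])
			if len(fields) == 0 {
				return nil, errors.New("stanza without a type")
			}
			types = append(types, fields[0])
		}
	}
}

func main() {
	types, err := StanzaTypes(strings.NewReader(sampleHeader))
	fmt.Println(types, err)
}
```

A file whose header lists no `X25519` stanza cannot be unwrapped by an X25519 identity, and a file that fails the first-line check was not encrypted with age at all.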

Merged by Niels Möller 2 months ago (Jan 10, 2025 1:23pm UTC)

Pipeline #5595 passed

Pipeline passed for d75cfff4 on main
