bolt
Userspace system daemon to enable security levels for Thunderbolt 3 on GNU/Linux.
- Developed at hardware
- Sources inherited from project openSUSE:Factory
-
3
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:PowerPC/bolt && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
bolt-0.7.tar.bz2 | 0000139582 136 KB | |
bolt.changes | 0000002448 2.39 KB | |
bolt.spec | 0000002505 2.45 KB | |
hardening_for_RNG_code.patch | 0000002036 1.99 KB |
Revision 1 (latest revision is 14)
Dominique Leuenberger (dimstar_suse)
accepted
request 663603
from
Tomáš Chvátal (scarabeus_iv)
(revision 1)
- use meson macros during build - Update to 0.7 * Features: - announce status to systemd via sd_notify (using a simple custom implementation) * Bug fixes: - properly update global security level status - adapt to systemd 240 not sending bind/unbind uevents - fix compilation on musl - daemon: use g_unix_signal_source… to catch signals * Improvements - precondition checks cleanup and completion - error cleanup - fix some leaks and issues uncovered by coverity - security review: add RNG hardening patch (boo#1119975): hardening_for_RNG_code.patch Update to 0.6 - New Features: * pre-boot access control list, aka. BootACL support - domains objects are now persistent * new Uid (dbus) / uid (object) property derived from the uuid of the device representing the root switch * sysfs and id attribute will be set/unset on connects and disconnects * domains are now stored in the boltd database - domains got the BootACL (dbus) / bootacl (object) property * uuids can be added, removed or set in batch * when domain is online: changes are written to the sysfs boot_acl attribute directly * when domain is offline: changes are written to a journal and then reapplied in order when the domain is connected - newly enrolled devices get added to all bootacls of all domains if the policy is BOLT_POLICY_AUTO - removed devices get deleted from all bootacls of all domains - boltacl domain command will show the bootacl slots and their content * boltctl gained the -U, --uuid option, to control how uuids are printed - Improvements and fixes: * Testing - boltctl is now included in the tests * Bugs and robustness: - The device state is verified in Device.Authorize - Handle empty 'keys' sysfs device attribute - Properly adjust policies when enrolling already authorized devices - Fix potential crasher when logging assertions g_return_if_fail
Comments 0