Jeremi Piotrowski
7e80c4cc4e
build_library: grub: Bring back linuxefi to stabilize PCR4
...
With grubs linux command, the kernel image is measured to PCR4 when SecureBoot
is enabled but not measured when SecureBoot is enabled. I don't think is
intentional, since SecureBoot state is measured to PCR7. Try to switch to
linuxefi again, since we're back on the common rhboot grub codebase.
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
cb972ccd23
build_library: pcr: document how to rerun measurements in bash
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
94a97299b8
build_library: pcr: Add all command and print all hashes
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
3ca5bde325
build_library: pcr: Surface error from pesign
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
1df9526241
build_library: pcr: support non-sb measurements too
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
c936593da7
build_library: pcr: more cleanups of deadcode
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
a2d8a5fa41
build_library: pcr: remove deadcode and simplify
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
b02c2e208b
build_library: pcr: fix bug in encoding menuentries
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
761d2ad0b3
build_library: pcr: simplify grub.cfg evaluation by subsituting values
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
c4808de691
build_library: pcr: support evaluating grub.cfg for pcr8
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
28fffb1d8d
build_library: pcr: simplify authenticode hash computation
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
eaeaf7562f
build_library: add PCR precompute script
2026-02-20 15:21:49 +01:00
Jeremi Piotrowski
2b69b0d4a7
coreos-modules: Enable kernel support for Confidential VMs
...
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
2026-02-20 15:21:49 +01:00
flatcar-ci
3d5a167644
Revert failed version back to 4609.0.0+nightly-20260212-2100
2026-02-20 02:56:18 +00:00
flatcar-ci
44e4fd696a
New version: main-4616.0.0-nightly-20260219-2100
...
Signed-off-by: flatcar-ci <infra+ci@flatcar-linux.org>
2026-02-19 21:00:26 +00:00
Mathieu Tortuyaux
6e7c11c363
Merge pull request #3736 from flatcar/mantle-update-main
...
Upgrade mantle container image to latest HEAD in main
2026-02-19 09:22:10 +01:00
Flatcar Buildbot
7279af4985
Update mantle container image to latest HEAD
...
Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-02-19 02:03:44 +00:00
flatcar-ci
a19c5402d0
Revert failed version back to 4609.0.0+nightly-20260212-2100
2026-02-19 02:03:31 +00:00
flatcar-ci
6a99fb2d18
New version: main-4615.0.0-nightly-20260218-2100
...
Signed-off-by: flatcar-ci <infra+ci@flatcar-linux.org>
2026-02-18 21:00:32 +00:00
Mathieu Tortuyaux
ec00da5ade
Merge pull request #3729 from flatcar/linux-6.12.73-main
...
Upgrade Linux Kernel for main from 6.12.70 to 6.12.73
2026-02-18 14:45:48 +01:00
flatcar-ci
ebfd922c25
Revert failed version back to 4609.0.0+nightly-20260212-2100
2026-02-18 02:42:34 +00:00
flatcar-ci
80ad4879e2
New version: main-4614.0.0-nightly-20260217-2100
...
Signed-off-by: flatcar-ci <infra+ci@flatcar-linux.org>
2026-02-17 21:00:31 +00:00
Flatcar Buildbot
3e6fe1b2f6
sys-kernel/coreos-sources: Update from 6.12.70 to 6.12.73
...
Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-02-17 11:00:11 +01:00
Mathieu Tortuyaux
51cb46a6cc
Merge pull request #3733 from flatcar/tormath1/ca-certificates
...
app-misc/ca-certificates: use github URLs
2026-02-17 10:58:56 +01:00
Mathieu Tortuyaux
25de567365
app-misc/ca-certificates: use github URLs
...
Between 3.120.1 and 3.120, we noticed this:
```
$ ls /var/tmp/portage/app-misc/ca-certificates-3.120-r1/work
nss-3.120
$ ls /var/tmp/portage/app-misc/ca-certificates-3.120.1/work
nss-NSS_3_120_1_RTM
```
The last one is using the GitHub release format - it seems the upstream
pushed a GitHub release on the Mozilla Archive FTP server?
Gentoo did the move as well: b51bd45ded
2026-02-17 10:35:51 +01:00
Mathieu Tortuyaux
9858e2637a
Merge pull request #3724 from flatcar/mantle-update-main
...
Upgrade mantle container image to latest HEAD in main
2026-02-17 09:20:17 +01:00
Flatcar Buildbot
5d911f86c4
Update mantle container image to latest HEAD
...
Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-02-16 21:34:35 +00:00
flatcar-ci
67b14b5205
Revert failed version back to 4609.0.0+nightly-20260212-2100
2026-02-16 21:34:24 +00:00
flatcar-ci
24adb2df07
New version: main-4613.0.0-nightly-20260216-2100
...
Signed-off-by: flatcar-ci <infra+ci@flatcar-linux.org>
2026-02-16 21:00:24 +00:00
Mathieu Tortuyaux
b3a17f6e4c
Merge pull request #3721 from flatcar/cacerts-3.120.1-main
...
Update ca-certificates in main from 3.120 to 3.120.1
2026-02-16 09:59:48 +01:00
Flatcar Buildbot
90f4cbad95
app-misc/ca-certificates: Update from 3.120 to 3.120.1
...
Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-02-16 07:32:04 +00:00
flatcar-ci
b3c09c828a
Revert failed version back to 4609.0.0+nightly-20260212-2100
2026-02-14 02:57:10 +00:00
flatcar-ci
7148f8b2d6
New version: main-4610.0.0-nightly-20260213-2100-INTERMEDIATE
...
Signed-off-by: flatcar-ci <infra+ci@flatcar-linux.org>
2026-02-13 21:00:22 +00:00
Mathieu Tortuyaux
d79e5424e0
Merge pull request #3696 from flatcar/tormath1/pam-sssd
...
package.use: enable back sssd for pambase
2026-02-13 09:52:27 +01:00
flatcar-ci
b9927a5d15
New version: main-4609.0.0-nightly-20260212-2100
...
Signed-off-by: flatcar-ci <infra+ci@flatcar-linux.org>
2026-02-12 21:00:23 +00:00
James Le Cuirot
ccdfe1bbec
Merge pull request #3710 from flatcar/mantle-update-main
...
Upgrade mantle container image to latest HEAD in main
2026-02-12 13:58:21 +00:00
Flatcar Buildbot
43193e7bdc
Update mantle container image to latest HEAD
...
Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-02-12 13:50:57 +00:00
Mathieu Tortuyaux
81f215913f
Merge pull request #3702 from flatcar/linux-6.12.70-main
...
Upgrade Linux Kernel for main from 6.12.69 to 6.12.70
2026-02-12 14:50:22 +01:00
Flatcar Buildbot
e6fca0b759
sys-kernel/coreos-sources: Update from 6.12.69 to 6.12.70
...
Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-02-12 07:24:12 +00:00
Mathieu Tortuyaux
24cd546041
changelog: add entry
...
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2026-02-11 09:29:00 +01:00
flatcar-ci
e7dd14a757
New version: main-4607.0.0-nightly-20260210-2100
...
Signed-off-by: flatcar-ci <infra+ci@flatcar-linux.org>
2026-02-10 21:00:26 +00:00
Mathieu Tortuyaux
4666ae235b
Merge pull request #3692 from flatcar/linux-6.12.69-main
...
Upgrade Linux Kernel for main from 6.12.66 to 6.12.69
2026-02-10 14:03:31 +01:00
Mathieu Tortuyaux
b3a05aa894
sys-auth/pambase: regen patches
...
This brings a fix to move the pam_sss at the right position. I think
this can be upstreamed.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2026-02-10 11:30:55 +01:00
Mathieu Tortuyaux
f16b88ef72
Merge pull request #3700 from flatcar/mantle-update-main
...
Upgrade mantle container image to latest HEAD in main
2026-02-10 09:57:35 +01:00
Flatcar Buildbot
ac70232a64
Update mantle container image to latest HEAD
...
Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-02-09 21:00:40 +00:00
flatcar-ci
01d917077d
New version: main-4606.0.0-nightly-20260209-2100
...
Signed-off-by: flatcar-ci <infra+ci@flatcar-linux.org>
2026-02-09 21:00:26 +00:00
Mathieu Tortuyaux
53047f14a3
package.use: enable back sssd for pambase
...
This was not creating the system-auth with the 'pam_sss' module. Which
makes sssd LDAP authentication to fail.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
2026-02-09 12:56:50 +01:00
Flatcar Buildbot
5465fa56de
sys-kernel/coreos-sources: Update from 6.12.66 to 6.12.69
...
Signed-off-by: Flatcar Buildbot <buildbot@flatcar-linux.org>
2026-02-07 07:14:41 +00:00
flatcar-ci
da64407a23
New version: main-4603.0.0-nightly-20260206-2100
...
Signed-off-by: flatcar-ci <infra+ci@flatcar-linux.org>
2026-02-07 02:38:14 +00:00
flatcar-ci
60b1453b1a
New version: main-4603.0.0-nightly-20260206-2100-INTERMEDIATE
...
Signed-off-by: flatcar-ci <infra+ci@flatcar-linux.org>
2026-02-06 21:00:25 +00:00
