git.ipfire.org Git - thirdparty/ipxe.git/commit
[image] Add the "imgdecrypt" command
author Michael Brown <mcb30@ipxe.org>
Thu, 29 Aug 2024 13:00:34 +0000 (14:00 +0100)
committer Michael Brown <mcb30@ipxe.org>
Thu, 29 Aug 2024 14:11:30 +0000 (15:11 +0100)
commit 72316b820d4bdbf3d75a0ae7e13f1c3bc8e6ac29
tree 111872793eecfcd754e93491c8d352bfb4e0e627
parent 486b15b3c11692af4325cd7d0220cdb72ec27586
[image] Add the "imgdecrypt" command

Add the "imgdecrypt" command that can be used to decrypt a detached
encrypted data image using a cipher key obtained from a separate CMS
envelope image.  For example:

  # Create non-detached encrypted CMS messages
  #
  openssl cms -encrypt -binary -aes-256-gcm -recip client.crt \
              -in vmlinuz -outform DER -out vmlinuz.cms
  openssl cms -encrypt -binary -aes-256-gcm -recip client.crt \
              -in initrd.img -outform DER -out initrd.img.cms

  # Detach data from envelopes (using iPXE's contrib/crypto/cmsdetach)
  #
  cmsdetach vmlinuz.cms -d vmlinuz.dat -e vmlinuz.env
  cmsdetach initrd.img.cms -d initrd.img.dat -e initrd.img.env

and then within iPXE:

  #!ipxe
  imgfetch http://192.168.0.1/vmlinuz.dat
  imgfetch http://192.168.0.1/initrd.img.dat
  imgdecrypt vmlinuz.dat    http://192.168.0.1/vmlinuz.env
  imgdecrypt initrd.img.dat http://192.168.0.1/initrd.img.env
  boot vmlinuz

Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/config/config.c
src/config/general.h
src/hci/commands/image_crypt_cmd.c [new file with mode: 0644]
src/include/usr/imgcrypt.h [new file with mode: 0644]
src/usr/imgcrypt.c [new file with mode: 0644]
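
The detach step in the commit message relies on the `encryptedContent` field of a CMS (Auth)EnvelopedData structure being optional, so the ciphertext can be carried separately from the envelope. The sketch below is an added example, not iPXE's `cmsdetach` and not code from this commit: it performs that split on a definite-length DER message, and the function names, the constructed sample message and the resulting byte layout are assumptions that may differ from what the real tool writes.

```python
SEQ, ENC_CONTENT = 0x30, 0x80  # 0x80 = [0] IMPLICIT primitive encryptedContent

def tlv(buf, pos=0):
    """Parse one definite-length DER TLV; return (tag, content, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] & 0x1F == 0x1F or buf[pos + 1] == 0x80:
        raise ValueError("truncated, multi-byte tag, or indefinite (BER) length")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n > 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("length runs past end of buffer")
    return tag, buf[pos:pos + n], pos + n

def kids(body):  # split constructed content into (tag, content) pairs
    out, pos = [], 0
    while pos < len(body):
        tag, content, pos = tlv(body, pos)
        out.append((tag, content))
    return out

def enc(tag, body):  # encode one TLV with a minimal definite length
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def detach(cms):
    """Return (envelope_der, ciphertext) for an (Auth)EnvelopedData message."""
    tag, body, end = tlv(cms)
    if tag != SEQ or end != len(cms):
        raise ValueError("not a single DER ContentInfo")
    (t_oid, oid), (t_wrap, wrapped) = kids(body)  # contentType, [0] EXPLICIT
    fields = kids(tlv(wrapped)[1])  # members of the (Auth)EnvelopedData SEQUENCE
    # The first SEQUENCE member is the (auth)EncryptedContentInfo
    idx = next(i for i, (t, _) in enumerate(fields) if t == SEQ)
    eci = kids(fields[idx][1])
    data = [c for t, c in eci if t == ENC_CONTENT]
    if len(data) != 1:
        raise ValueError("encryptedContent absent (already detached?)")
    fields[idx] = (SEQ, b"".join(enc(t, c) for t, c in eci if t != ENC_CONTENT))
    inner = enc(SEQ, b"".join(enc(t, c) for t, c in fields))
    return enc(SEQ, enc(t_oid, oid) + enc(t_wrap, inner)), data[0]

def sample():  # constructed skeleton (empty recipientInfos), not a real message
    data_oid, aed_oid = map(bytes.fromhex, ("2a864886f70d010701", "2a864886f70d0109100117"))
    eci = enc(6, data_oid) + enc(SEQ, b"") + enc(ENC_CONTENT, b"CIPHERTEXT")
    aed = enc(2, b"\x00") + enc(0x31, b"") + enc(SEQ, eci) + enc(4, b"M" * 16)
    return enc(SEQ, enc(6, aed_oid) + enc(0xA0, enc(SEQ, aed)))
```

The parser rejects indefinite-length (BER) encodings and lengths that run past the buffer instead of guessing, since the input is untrusted until the envelope has been processed.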