The ST team is happy to announce a new release of the stboot bootloader, tag v0.4.3, which succeeds the previous release at tag v0.3.6. The source code for this release is available from the git repository:
git clone -b v0.4.3 https://git.glasklar.is/system-transparency/core/stboot.git
Authoritative ST release signing keys are published at:
https://www.system-transparency.org/keys
The tag signature can be verified using the following command:
git -c gpg.format=ssh \
    -c gpg.ssh.allowedSignersFile=allowed-ST-release-signers \
    tag --verify v0.4.3
The expectations and intended use of the stboot bootloader are documented in the repository's RELEASES file. This RELEASES file also contains more information concerning the overall release process, see:
https://git.glasklar.is/system-transparency/core/stboot/-/blob/v0.4.3/RELEAS...
Learn about what's new in a release from the repository's NEWS file. An excerpt from the latest NEWS-file entry is listed below for convenience.
If you find any bugs, please report them on the System Transparency discuss list or open an issue on GitLab in the stboot repository:
https://lists.system-transparency.org/mailman3/postorius/lists/st-discuss.li...
https://git.glasklar.is/system-transparency/core/stboot/-/issues
Cheers,
The ST team
NEWS for stboot v0.4.3
This release of stboot includes bug fixes and new features. The most notable feature is the ability to enter provisioning mode even if a host configuration has already been provisioned on the system.
Bug fixes:
* When running stboot as the init process, load kernel modules before trying to mount /sys/firmware/efi/efivars. This ensures EFI variables will work when the efivarfs driver is provided as a loadable kernel module (rather than being built into the kernel). For users that use u-root as the init process: be aware that the same issue which has now been fixed in stboot still remains open in u-root, see https://github.com/u-root/u-root/issues/2993.
* Properly wait for the selected network interfaces to reach state UP before considering the network to be configured successfully. This ensures stboot will not spend any of its retries due to interfaces that are not up yet.
New features and improvements:
* If a provisioning OS package is included in the stboot image, it is now possible to enter provisioning mode if the provisioned host configuration is invalid or if the user presses Ctrl-C. See docs/stboot-system.md for details and security implications.
* The OS package descriptor now supports "os_pkg_url" to be relative to the descriptor's (absolute) base URI. Refer to the OS package specification for the exact resolution rules.
This release has been tested to work with:
* Artifacts produced by stmgr v0.4.0 (pre-release version). https://git.glasklar.is/system-transparency/core/stmgr/-/tree/v0.4.0
* Systems provisioned with stprov v0.3.8 (pre-release version) https://git.glasklar.is/system-transparency/core/stprov/-/tree/v0.3.8
This release implements the specifications at https://git.glasklar.is/system-transparency/project/docs/-/tree/v0.3.0/conte...