├── .github └── workflows │ ├── automatic-doc-checks.yml │ ├── markdown-style-checks.yml │ ├── release.yaml │ ├── sphinx-python-dependency-build-checks.yml │ └── unit-tests.yaml ├── .gitignore ├── .golangci.yaml ├── .readthedocs.yaml ├── .wokeignore ├── LICENSE ├── README.md ├── SECURITY.md ├── create-uefi-config └── main.go ├── deploy.go ├── docs ├── .custom_wordlist.txt ├── .gitignore ├── .sphinx │ ├── .markdownlint.json │ ├── .wordlist.txt │ ├── _static │ │ ├── favicon.png │ │ ├── project_specific.css │ │ └── tag.png │ ├── _templates │ │ └── header.html │ ├── get_vale_conf.py │ ├── metrics │ │ ├── build_metrics.sh │ │ └── source_metrics.sh │ ├── pa11y.json │ ├── requirements.txt │ └── spellingcheck.yaml ├── .wokeignore ├── Makefile ├── Makefile.sp ├── conf.py ├── doc-cheat-sheet-myst.md ├── doc-cheat-sheet.rst ├── explanation │ ├── building.md │ ├── index.md │ ├── secure-boot.md │ └── verify-rootfs-integrity.md ├── howto │ ├── encrypt-only.md │ ├── index.md │ └── integrity-only.md ├── index.rst ├── make.bat ├── reference │ ├── architecture.md │ ├── customizations.md │ ├── deploy.md │ ├── encrypt.md │ ├── index.md │ └── integrity-protect.md ├── reuse │ └── links.txt └── tutorials │ ├── index.md │ └── local-testing.md ├── encrypt.go ├── go.mod ├── go.sum ├── internal ├── efienv │ ├── az.go │ ├── az_test.go │ ├── create-test-az-model │ │ └── main.go │ ├── efienv.go │ ├── efienv_test.go │ └── testdata │ │ ├── KEK │ │ ├── PK │ │ ├── db │ │ ├── dbx │ │ ├── disk.json │ │ ├── disk2.json │ │ ├── src │ │ ├── KEK-0.esl │ │ ├── PK.esl │ │ ├── db-0.esl │ │ ├── db-1.esl │ │ └── dbx-0.esl │ │ ├── uefi-omits-rtb-event.json │ │ └── uefi.json ├── exec │ ├── exec.go │ └── exec_test.go ├── gpt │ ├── gpt.go │ └── gpt_test.go ├── ioutil │ └── ioutil.go ├── logutil │ ├── logutil.go │ └── logutil_test.go ├── luks2 │ ├── activate.go │ ├── cryptsetup.go │ ├── fifo.go │ ├── luks2.go │ └── metadata.go └── nbd │ ├── export_test.go │ ├── nbd.go │ ├── nbd_test.go │ └── testdata │ ├── dynamic.vhd │ ├── fixed.vhd │ ├── test.qcow2 │ └── test.raw ├── main.go └── print-recovery-key └── main.go /.github/workflows/automatic-doc-checks.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/.github/workflows/automatic-doc-checks.yml -------------------------------------------------------------------------------- /.github/workflows/markdown-style-checks.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/.github/workflows/markdown-style-checks.yml -------------------------------------------------------------------------------- /.github/workflows/release.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/.github/workflows/release.yaml -------------------------------------------------------------------------------- /.github/workflows/sphinx-python-dependency-build-checks.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/.github/workflows/sphinx-python-dependency-build-checks.yml -------------------------------------------------------------------------------- /.github/workflows/unit-tests.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/.github/workflows/unit-tests.yaml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/.gitignore -------------------------------------------------------------------------------- /.golangci.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/.golangci.yaml -------------------------------------------------------------------------------- /.readthedocs.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/.readthedocs.yaml -------------------------------------------------------------------------------- /.wokeignore: -------------------------------------------------------------------------------- 1 | docs/.wokeignore -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/SECURITY.md -------------------------------------------------------------------------------- /create-uefi-config/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/create-uefi-config/main.go -------------------------------------------------------------------------------- /deploy.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/deploy.go -------------------------------------------------------------------------------- /docs/.custom_wordlist.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.custom_wordlist.txt -------------------------------------------------------------------------------- /docs/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.gitignore -------------------------------------------------------------------------------- /docs/.sphinx/.markdownlint.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/.markdownlint.json -------------------------------------------------------------------------------- /docs/.sphinx/.wordlist.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/.wordlist.txt -------------------------------------------------------------------------------- /docs/.sphinx/_static/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/_static/favicon.png -------------------------------------------------------------------------------- /docs/.sphinx/_static/project_specific.css: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/.sphinx/_static/tag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/_static/tag.png -------------------------------------------------------------------------------- /docs/.sphinx/_templates/header.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/_templates/header.html -------------------------------------------------------------------------------- /docs/.sphinx/get_vale_conf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/get_vale_conf.py -------------------------------------------------------------------------------- /docs/.sphinx/metrics/build_metrics.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/metrics/build_metrics.sh -------------------------------------------------------------------------------- /docs/.sphinx/metrics/source_metrics.sh: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/metrics/source_metrics.sh -------------------------------------------------------------------------------- /docs/.sphinx/pa11y.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/pa11y.json -------------------------------------------------------------------------------- /docs/.sphinx/requirements.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/requirements.txt -------------------------------------------------------------------------------- /docs/.sphinx/spellingcheck.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.sphinx/spellingcheck.yaml -------------------------------------------------------------------------------- /docs/.wokeignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/.wokeignore -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/Makefile -------------------------------------------------------------------------------- /docs/Makefile.sp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/Makefile.sp -------------------------------------------------------------------------------- /docs/conf.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/conf.py -------------------------------------------------------------------------------- /docs/doc-cheat-sheet-myst.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/doc-cheat-sheet-myst.md -------------------------------------------------------------------------------- /docs/doc-cheat-sheet.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/doc-cheat-sheet.rst -------------------------------------------------------------------------------- /docs/explanation/building.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/explanation/building.md -------------------------------------------------------------------------------- /docs/explanation/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/explanation/index.md -------------------------------------------------------------------------------- /docs/explanation/secure-boot.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/explanation/secure-boot.md -------------------------------------------------------------------------------- /docs/explanation/verify-rootfs-integrity.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/explanation/verify-rootfs-integrity.md -------------------------------------------------------------------------------- /docs/howto/encrypt-only.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/howto/encrypt-only.md -------------------------------------------------------------------------------- /docs/howto/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/howto/index.md -------------------------------------------------------------------------------- /docs/howto/integrity-only.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/howto/integrity-only.md -------------------------------------------------------------------------------- /docs/index.rst: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/index.rst -------------------------------------------------------------------------------- /docs/make.bat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/make.bat -------------------------------------------------------------------------------- /docs/reference/architecture.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/reference/architecture.md -------------------------------------------------------------------------------- /docs/reference/customizations.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/reference/customizations.md -------------------------------------------------------------------------------- /docs/reference/deploy.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/reference/deploy.md -------------------------------------------------------------------------------- /docs/reference/encrypt.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/reference/encrypt.md -------------------------------------------------------------------------------- /docs/reference/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/reference/index.md -------------------------------------------------------------------------------- /docs/reference/integrity-protect.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/reference/integrity-protect.md -------------------------------------------------------------------------------- /docs/reuse/links.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/reuse/links.txt -------------------------------------------------------------------------------- /docs/tutorials/index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/tutorials/index.md -------------------------------------------------------------------------------- /docs/tutorials/local-testing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/docs/tutorials/local-testing.md -------------------------------------------------------------------------------- /encrypt.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/encrypt.go -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/go.mod -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/go.sum -------------------------------------------------------------------------------- /internal/efienv/az.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/az.go -------------------------------------------------------------------------------- /internal/efienv/az_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/az_test.go -------------------------------------------------------------------------------- /internal/efienv/create-test-az-model/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/create-test-az-model/main.go -------------------------------------------------------------------------------- /internal/efienv/efienv.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/efienv.go -------------------------------------------------------------------------------- /internal/efienv/efienv_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/efienv_test.go -------------------------------------------------------------------------------- /internal/efienv/testdata/KEK: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/KEK -------------------------------------------------------------------------------- /internal/efienv/testdata/PK: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/PK -------------------------------------------------------------------------------- /internal/efienv/testdata/db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/db -------------------------------------------------------------------------------- /internal/efienv/testdata/dbx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/dbx -------------------------------------------------------------------------------- /internal/efienv/testdata/disk.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/disk.json -------------------------------------------------------------------------------- /internal/efienv/testdata/disk2.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/disk2.json -------------------------------------------------------------------------------- /internal/efienv/testdata/src/KEK-0.esl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/src/KEK-0.esl -------------------------------------------------------------------------------- /internal/efienv/testdata/src/PK.esl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/src/PK.esl -------------------------------------------------------------------------------- /internal/efienv/testdata/src/db-0.esl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/src/db-0.esl -------------------------------------------------------------------------------- /internal/efienv/testdata/src/db-1.esl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/src/db-1.esl -------------------------------------------------------------------------------- /internal/efienv/testdata/src/dbx-0.esl: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/src/dbx-0.esl -------------------------------------------------------------------------------- /internal/efienv/testdata/uefi-omits-rtb-event.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/uefi-omits-rtb-event.json -------------------------------------------------------------------------------- /internal/efienv/testdata/uefi.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/efienv/testdata/uefi.json -------------------------------------------------------------------------------- /internal/exec/exec.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/exec/exec.go -------------------------------------------------------------------------------- /internal/exec/exec_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/exec/exec_test.go -------------------------------------------------------------------------------- /internal/gpt/gpt.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/gpt/gpt.go -------------------------------------------------------------------------------- /internal/gpt/gpt_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/gpt/gpt_test.go -------------------------------------------------------------------------------- /internal/ioutil/ioutil.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/ioutil/ioutil.go -------------------------------------------------------------------------------- /internal/logutil/logutil.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/logutil/logutil.go -------------------------------------------------------------------------------- /internal/logutil/logutil_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/logutil/logutil_test.go -------------------------------------------------------------------------------- /internal/luks2/activate.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/luks2/activate.go -------------------------------------------------------------------------------- /internal/luks2/cryptsetup.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/luks2/cryptsetup.go -------------------------------------------------------------------------------- /internal/luks2/fifo.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/luks2/fifo.go -------------------------------------------------------------------------------- /internal/luks2/luks2.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/luks2/luks2.go -------------------------------------------------------------------------------- /internal/luks2/metadata.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/luks2/metadata.go -------------------------------------------------------------------------------- /internal/nbd/export_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/nbd/export_test.go -------------------------------------------------------------------------------- /internal/nbd/nbd.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/nbd/nbd.go -------------------------------------------------------------------------------- /internal/nbd/nbd_test.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/nbd/nbd_test.go -------------------------------------------------------------------------------- /internal/nbd/testdata/dynamic.vhd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/nbd/testdata/dynamic.vhd -------------------------------------------------------------------------------- /internal/nbd/testdata/fixed.vhd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/nbd/testdata/fixed.vhd -------------------------------------------------------------------------------- /internal/nbd/testdata/test.qcow2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/nbd/testdata/test.qcow2 -------------------------------------------------------------------------------- /internal/nbd/testdata/test.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/internal/nbd/testdata/test.raw -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/main.go -------------------------------------------------------------------------------- /print-recovery-key/main.go: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/canonical/encrypt-cloud-image/HEAD/print-recovery-key/main.go --------------------------------------------------------------------------------