hashboot/README.md

**hashboot** hashes all files in `/boot` and the MBR to check them during early
boot. It is intended for when you have encrypted the root partition but not the
boot partition. The checksums and a backup of the contents of `/boot` are stored
in `/var/lib/hashboot` by default. If a checksum doesn't match, you have the
option to restore the file from backup.

If there is a core- or libreboot BIOS and [flashrom](https://flashrom.org/)
installed, **hashboot** can check the BIOS for modifications too.

We moved our code to
[schlomp.space](https://schlomp.space/tastytea/hashboot) but we keep the
[GitHub-repo](https://github.com/tastytea/hashboot) as a mirror.

# Install

## Packages

### Void Linux

``` shell
xbps-install -S hashboot
```

### Gentoo Linux

Ebuilds are available via the
[tastytea repository](https://schlomp.space/tastytea/overlay).

``` shell
emerge -a sys-apps/hashboot
rc-update add hashboot boot
```

### Arch Linux

Use the [package from AUR](https://aur.archlinux.org/packages/hashboot/).

## Manual

### Any distro

The releases on
[schlomp.space](https://schlomp.space/tastytea/hashboot/releases) are
PGP-signed. The key-ID is `F7301ADFC9ED262448C42B64242E5AC4DA587BF9`
(`242E5AC4DA587BF9`). You can fetch it with `gpg --locate-key
autosign@tastytea.de`.

* Make hashboot executable
* Place hashboot anywhere in ${PATH}
* Install the appropriate init script
* If applicable, copy `hooks/kernel-postinst` to /etc/kernel/post{inst,rm}.d/zzz-hashboot
(make sure it is called after all other hooks)
* To generate the manpage, install [asciidoc](http://asciidoc.org/) and run
`build_manpage.sh`.

# Usage

* First run creates a configuration file. Select the desired checkroutines
* Run `hashboot index` to generate checksums and a backup for /boot and MBR
* Run `hashboot check` to check /boot and MBR
* Run `hashboot recover` to replace corrupted files with the backup

# Notes

* You can't use the openrc/sysv init scripts with parallel boot.
* The systemd and SysVinit init scripts have not been tested in a while, but
will probably work.

# License

```PLAIN
"THE HUG-WARE LICENSE" (Revision 2):
teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.
As long as you retain this notice you can do whatever you want with this.
If we meet some day, and you think this is nice, you can give us a hug.
```
Mention MBR in description. 2019-02-24 13:06:10 +01:00			hashboot hashes all files in `/boot` and the MBR to check them during early
			`boot. It is intended for when you have encrypted the root partition but not the`
			boot partition. The checksums and a backup of the contents of `/boot` are stored
			in `/var/lib/hashboot` by default. If a checksum doesn't match, you have the
			`option to restore the file from backup.`
Umm… test? 2015-10-17 23:45:49 +02:00
Edited README, aesthetically. 2019-03-29 23:08:03 +01:00			`If there is a core- or libreboot BIOS and [flashrom](https://flashrom.org/)`
			`installed, hashboot can check the BIOS for modifications too.`
Update README.md 2019-02-24 14:25:57 +01:00
Added information about our move to schlomp.space to readme. 2019-06-20 17:57:07 +02:00			`We moved our code to`
			`[schlomp.space](https://schlomp.space/tastytea/hashboot) but we keep the`
			`[GitHub-repo](https://github.com/tastytea/hashboot) as a mirror.`

Introducing README.md 2015-10-17 23:23:50 +02:00			`# Install`
Cleaned up documentation, deleted ebuild. 2019-02-24 12:29:59 +01:00
Added installation instructions for Void and Gentoo. 2019-03-29 23:16:46 +01:00			`## Packages`

			`### Void Linux`

Added AUR instructions, deleted Arch Linux manual instructions. (GitHub issue #18) 2019-06-20 19:52:15 +02:00			``` shell
Added installation instructions for Void and Gentoo. 2019-03-29 23:16:46 +01:00			`xbps-install -S hashboot`
			```

Added AUR instructions, deleted Arch Linux manual instructions. (GitHub issue #18) 2019-06-20 19:52:15 +02:00			`### Gentoo Linux`
Added installation instructions for Void and Gentoo. 2019-03-29 23:16:46 +01:00
			`Ebuilds are available via the`
			`[tastytea repository](https://schlomp.space/tastytea/overlay).`

Added AUR instructions, deleted Arch Linux manual instructions. (GitHub issue #18) 2019-06-20 19:52:15 +02:00			``` shell
Enahnced installation instruction for Gentoo. 2019-03-30 00:26:41 +01:00			`emerge -a sys-apps/hashboot`
			`rc-update add hashboot boot`
			```

Add installation instructions for Arch Linux 2019-05-12 18:37:42 +02:00			`### Arch Linux`

Added AUR instructions, deleted Arch Linux manual instructions. (GitHub issue #18) 2019-06-20 19:52:15 +02:00			`Use the [package from AUR](https://aur.archlinux.org/packages/hashboot/).`

			`## Manual`
Add installation instructions for Arch Linux 2019-05-12 18:37:42 +02:00
			`### Any distro`

Added information about our move to schlomp.space to readme. 2019-06-20 17:57:07 +02:00			`The releases on`
			`[schlomp.space](https://schlomp.space/tastytea/hashboot/releases) are`
			PGP-signed. The key-ID is `F7301ADFC9ED262448C42B64242E5AC4DA587BF9`
Add info on how to fetch autosign key. 2019-11-20 04:45:21 +01:00			(`242E5AC4DA587BF9`). You can fetch it with `gpg --locate-key
			autosign@tastytea.de`.
Added information about our move to schlomp.space to readme. 2019-06-20 17:57:07 +02:00
More readme updates 2015-10-18 00:03:22 +02:00			`* Make hashboot executable`
Edited README, aesthetically. 2019-03-29 23:08:03 +01:00			`* Place hashboot anywhere in ${PATH}`
Introducing README.md 2015-10-17 23:23:50 +02:00			`* Install the appropriate init script`
Updated kernel-hook location in readme. 2019-06-20 14:36:52 +02:00			* If applicable, copy `hooks/kernel-postinst` to /etc/kernel/post{inst,rm}.d/zzz-hashboot
Edited README, aesthetically. 2019-03-29 23:08:03 +01:00			`(make sure it is called after all other hooks)`
			`* To generate the manpage, install [asciidoc](http://asciidoc.org/) and run`
			`build_manpage.sh`.
Introducing README.md 2015-10-17 23:23:50 +02:00
			`# Usage`
Edited README, aesthetically. 2019-03-29 23:08:03 +01:00
			`* First run creates a configuration file. Select the desired checkroutines`
			* Run `hashboot index` to generate checksums and a backup for /boot and MBR
			* Run `hashboot check` to check /boot and MBR
			* Run `hashboot recover` to replace corrupted files with the backup
Introducing README.md 2015-10-17 23:23:50 +02:00
			`# Notes`
Cleaned up documentation, deleted ebuild. 2019-02-24 12:29:59 +01:00
Readme-updates 2015-10-17 23:57:38 +02:00			`* You can't use the openrc/sysv init scripts with parallel boot.`
Added note about untested init scripts. 2019-03-29 23:54:42 +01:00			`* The systemd and SysVinit init scripts have not been tested in a while, but`
			`will probably work.`
Cleaned up documentation, deleted ebuild. 2019-02-24 12:29:59 +01:00
			`# License`

			```PLAIN
addition 2019-02-24 15:30:04 +01:00			`"THE HUG-WARE LICENSE" (Revision 2):`
			`teldra <teldra@rotce.de> and tastytea <tastytea@tastytea.de> wrote this.`
Edited README, aesthetically. 2019-03-29 23:08:03 +01:00			`As long as you retain this notice you can do whatever you want with this.`
addition 2019-02-24 15:30:04 +01:00			`If we meet some day, and you think this is nice, you can give us a hug.`
Cleaned up documentation, deleted ebuild. 2019-02-24 12:29:59 +01:00			```