A command-line utility for inspecting, verifying, and building boot images for the EriX operating system.
Erik Inkinen fe1ce22fac
boot-tool: drop unstable rustfmt options for stable toolchains
2026-03-23 10:19:50 +02:00
.github Refactor milestone terminology to 'Component Milestone Tracking' across documentation for clarity and consistency 2026-03-05 11:55:30 +02:00
src boot-tool: support --boot-config and emit required BootConfig section 2026-03-17 03:42:03 +02:00
.editorconfig Initial commit 2026-02-26 10:53:43 +01:00
.gitignore Initial commit 2026-02-26 10:53:43 +01:00
ARCHITECTURE.md boot-tool: support --boot-config and emit required BootConfig section 2026-03-17 03:42:03 +02:00
Cargo.toml Enhance build command in main.rs 2026-02-26 14:44:47 +02:00
CODE_OF_CONDUCT.md Initial commit 2026-02-26 10:53:43 +01:00
CONTRIBUTING.md Refactor milestone terminology to 'Component Milestone Tracking' across documentation for clarity and consistency 2026-03-05 11:55:30 +02:00
LICENSE Initial commit 2026-02-26 10:53:43 +01:00
README.md boot-tool: support --boot-config and emit required BootConfig section 2026-03-17 03:42:03 +02:00
ROADMAP.md boot-tool: support --boot-config and emit required BootConfig section 2026-03-17 03:42:03 +02:00
rustfmt.toml boot-tool: drop unstable rustfmt options for stable toolchains 2026-03-23 10:19:50 +02:00
SECURITY.md docs: align security policy phase numbering 2026-03-11 05:28:10 +02:00

boot-tool

Command-line utility for EriX boot.img files.


Implemented commands

  • build: build a minimal boot image from a kernel ELF
  • inspect: print structural metadata and section listing
  • validate: parse and validate structure only
  • verify: parse + cryptographic verification
  • extract: extract a named section payload

Dependencies

  • lib-bootimg (git dependency)
  • lib-elf (git dependency)

No external crates are used.


Usage

# Build (kernel + optional early services and non-executable blobs)
boot-tool build \
  --kernel out/kernel.elf \
  --boot-config out/boot-config.bin \
  --early-service rootd:out/rootd.elf \
  --blob console-font:out/console-font.pf2 \
  --output out/boot.img \
  --key-id 0 \
  --build-id-input "ci:job-123"

# Validate structure
boot-tool validate --image out/boot.img

# Inspect image metadata
boot-tool inspect --image out/boot.img

# Verify image authenticity
boot-tool verify \
  --image out/boot.img \
  --pubkey-hex <64-hex-public-key> \
  --key-id 0

# Extract kernel section
boot-tool extract \
  --image out/boot.img \
  --section kernel \
  --output out/kernel.extracted

Build command options

  • --kernel <path>: kernel ELF input (required)
  • --output <path>: output image path (required)
  • --early-service <name:path>: add required early boot service section (repeatable)
  • --boot-config <path>: add required boot-config payload section (type=BootConfig)
  • --blob <name:path>: add required non-executable blob section (repeatable)
  • --key-id <u32>: signature key id (default 0)
  • --build-id <hex64>: explicit 32-byte build id
  • --build-id-input <string>: append UTF-8 build-id derivation input (repeatable)
  • --signature-hex <hex128>: inject 64-byte Ed25519 signature
  • --signing-payload-output <path>: write canonical signing payload

Verify command options

  • --image <path>: boot image path (required)
  • --pubkey-hex <hex64>: 32-byte Ed25519 public key (hex)
  • --pubkey-file <path>: raw 32-byte Ed25519 public key file
  • --key-id <u32>: expected signature key id (default 0)

Use either --pubkey-hex or --pubkey-file.
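
A fail-closed gate around the validate and verify commands above, as an added example that is not part of the boot-tool project: it checks that the key argument is either hex64 or a raw 32-byte file before invoking the tool. BOOT_TOOL, gate_image and the helper names are hypothetical, and the script assumes boot-tool exits non-zero when validation or verification fails.

```shell
#!/bin/sh
# Added example (not project code): release gate around `boot-tool validate` / `verify`.
# Assumption: boot-tool exits non-zero on a failed validate or verify.
BOOT_TOOL="${BOOT_TOOL:-boot-tool}"   # hypothetical override, used for testing

# True when $1 is exactly $2 hex characters (hex64 = 32 bytes, hex128 = 64 bytes).
is_hex_len() {
  [ "${#1}" -eq "$2" ] || return 1
  case "$1" in
    *[!0-9a-fA-F]*) return 1 ;;
  esac
  return 0
}

# True when $1 is a regular file of exactly 32 bytes (raw Ed25519 public key).
is_raw_pubkey_file() {
  [ -f "$1" ] || return 1
  [ "$(wc -c < "$1" | tr -d ' ')" -eq 32 ]
}

# gate_image <image> <pubkey-hex-or-file> <key-id>
# Exit codes: 0 accepted, 2 malformed input, 3 structure invalid, 4 signature rejected.
gate_image() {
  image=$1; key=$2; key_id=$3
  case "$key_id" in
    ''|*[!0-9]*) echo "gate: key id must be an unsigned integer" >&2; return 2 ;;
  esac
  # Pick the matching verify option; refuse anything that is not a 32-byte key.
  if is_hex_len "$key" 64; then
    set -- --pubkey-hex "$key"
  elif is_raw_pubkey_file "$key"; then
    set -- --pubkey-file "$key"
  else
    echo "gate: key is neither 64 hex chars nor a 32-byte file" >&2; return 2
  fi
  # Structure first, then the cryptographic check; any failure blocks the image.
  "$BOOT_TOOL" validate --image "$image" ||
    { echo "gate: structure invalid" >&2; return 3; }
  "$BOOT_TOOL" verify --image "$image" "$@" --key-id "$key_id" ||
    { echo "gate: signature check failed" >&2; return 4; }
}
```

Source the file and call `gate_image out/boot.img <64-hex-public-key> 0` in the release job, treating any non-zero status as a blocked release.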


Notes

  • The build flow always includes the kernel and may include required early-boot-service sections via --early-service (repeatable).
  • --boot-config emits a boot-config section with SectionType::BootConfig and the RequiredForBoot flag.
  • Blob sections added via --blob are emitted as NonExecutableBlob + REQUIRED_FOR_BOOT entries; this is used for assets such as console-font.
  • Manifest/TOML driven builds are planned but not implemented yet.