erix/bootloader
1
0
Fork 0
generated from erix/meta
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
The EriX bootloader — a minimal, security-focused bootloader that currently targets UEFI on x86_64 and loads/verifies boot.img files.
74 commits 1 branch 0 tags 556 KiB
  • Rust 80.1%
  • Shell 19.4%
  • Makefile 0.5%
Find a file
Exact
Erik Inkinen 910b240ac0
All checks were successful
CI / test (push) Successful in 1m28s
Details
CI / security (push) Successful in 1m29s
Details
CI / minimal-versions (push) Successful in 11s
Details
bootloader: drop unstable rustfmt options and apply stable formatting
2026-03-23 10:19:50 +02:00
.cargo Implement QEMU integration testing and enhance build scripts 2026-02-26 13:36:41 +02:00
.github Refactor milestone terminology to component milestone tracking in templates and documentation 2026-03-05 11:55:56 +02:00
scripts bootloader: rename runtime markers and update qemu negative tests 2026-03-21 03:31:21 +02:00
src bootloader: drop unstable rustfmt options and apply stable formatting 2026-03-23 10:19:50 +02:00
tests Refactor QEMU integration test for improved readability and maintainability 2026-02-26 18:46:08 +02:00
.editorconfig Initial commit 2026-02-26 11:11:41 +01:00
.gitignore Initial commit 2026-02-26 11:11:41 +01:00
ARCHITECTURE.md bootloader: pass BootConfig modules through handoff and fixture build 2026-03-17 03:42:03 +02:00
Cargo.toml runtime-mode: add dev-only early framebuffer console handoff 2026-03-12 16:19:22 +02:00
CODE_OF_CONDUCT.md Initial commit 2026-02-26 11:11:41 +01:00
CONTRIBUTING.md Refactor milestone terminology to component milestone tracking in templates and documentation 2026-03-05 11:55:56 +02:00
LICENSE Initial commit 2026-02-26 11:11:41 +01:00
Makefile Add negative integration tests for QEMU boot failures and update CI workflow 2026-02-26 18:43:57 +02:00
README.md bootloader: rename runtime markers and update qemu negative tests 2026-03-21 03:31:21 +02:00
ROADMAP.md bootloader: pass BootConfig modules through handoff and fixture build 2026-03-17 03:42:03 +02:00
rustfmt.toml bootloader: drop unstable rustfmt options and apply stable formatting 2026-03-23 10:19:50 +02:00
SECURITY.md docs: align security policy phase numbering 2026-03-11 05:28:10 +02:00

README.md

bootloader

The EriX bootloader is a minimal, security-focused bootloader that currently targets UEFI on x86_64 and loads/verifies boot.img artifacts.

Goals

  • load EriX boot.img v1 from the EFI System Partition
  • verify signatures and section hashes before execution
  • parse/load ELF64 kernel and early service sections
  • load required boot-config section and include it in handoff modules
  • map required non-executable blob sections into handoff module descriptors
  • build/publish handoff data for kernel entry
  • publish framebuffer continuity metadata when console-font is present
  • support profile-gated early console sinks (bootloader-dev-console in dev profile)
  • keep deterministic, fail-closed boot behavior
  • maintain portability boundaries between core/platform/arch code

Non-goals

  • multi-boot menu / boot manager UX
  • support for non-EriX operating systems
  • legacy BIOS/MBR boot path

Dependencies

  • lib-bootimg for boot.img parsing/verification
  • lib-elf for ELF64 parsing
  • lib-handoff for handoff schema types

No external Rust crates are used.

Build and Test

make build-uefi
make build-kernel-stub
make package-esp

ERIX_RUN_QEMU_TESTS=1 cargo test --test qemu_integration

Integration harness behavior:

  • runs bootloader.efi in qemu-system-x86_64 with OVMF
  • emits ERIX_BOOTLOADER:* markers over serial in debug/test paths
  • uses isa-debug-exit on 0xF4 for deterministic VM exit status

Repository Structure (Current)

bootloader/
├── Cargo.toml
├── Makefile
├── scripts/
│   ├── build-uefi.sh
│   ├── build-kernel-stub.sh
│   ├── package-esp.sh
│   ├── run-qemu-test.sh
│   └── run-qemu-negative-tests.sh
├── src/
│   ├── main.rs
│   ├── allocator.rs
│   ├── handoff_builder.rs
│   ├── memory_map.rs
│   ├── paging.rs
│   ├── test_support.rs
│   └── uefi.rs
├── tests/
│   ├── qemu_integration.rs
│   └── keys/
└── ROADMAP.md

Status

Implemented baseline:

  • boot.img load/parse/verify path
  • ELF extraction and load-plan path
  • handoff build and kernel-transfer path in current harness profile
  • non-executable blob module loading (including console-font)
  • boot-config module loading (SectionType::BootConfig) and handoff inclusion
  • GOP framebuffer mode capture + continuity metadata in handoff
  • dev-profile early console rendering via lib-console with cursor/generation continuity export
  • release-profile quiet early boot (no bootloader serial/framebuffer trace emission)
  • QEMU smoke and negative integration suites

Remaining work is focused on contract freeze (kernel/rootd alignment), portability hardening, and expanded adversarial coverage.

License

ISC. See LICENSE.