uki

package
v1.12.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 12, 2026 License: MPL-2.0 Imports: 23 Imported by: 0

Documentation

Overview

Package uki creates the UKI file out of the sd-stub and other sections.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func DiscoverKernelVersion 

func DiscoverKernelVersion(kernelPath string) (string, error)

DiscoverKernelVersion reads kernel version from the kernel image.

This only works for x86 kernel images.

Based on https://www.kernel.org/doc/html/v5.6/x86/boot.html.

func Extract 

func Extract(ukiPath string) (asset pe.AssetInfo, err error)

Extract extracts the kernel, initrd, and cmdline from the UKI file.

func GetSBAT 

func GetSBAT(path string) ([]byte, error)

GetSBAT returns the SBAT section from the PE file.

Types

type Builder 

type Builder struct {
	// Source options.
	//
	// Arch of the UKI file.
	Arch string
	// Version of Talos.
	Version string
	// Path to the sd-stub.
	SdStubPath string
	// Path to the sd-boot.
	SdBootPath string
	// Path to the kernel image.
	KernelPath string
	// Path to the initrd image.
	InitrdPath string
	// Kernel cmdline.
	Cmdline string
	// SecureBoot certificate and signer.
	SecureBootSigner pesign.CertificateSigner
	// PCR signer.
	PCRSigner measure.RSAKey
	// Profiles to include in the UKI.
	Profiles []Profile

	// Output options:
	//
	// Path to the signed sd-boot.
	OutSdBootPath string
	// Path to the output UKI file.
	OutUKIPath string
	// contains filtered or unexported fields
}

Builder is a UKI file builder.

func (*Builder) Build 

func (builder *Builder) Build(printf func(string, ...any)) error

Build the unsigned UKI file.

Build process is as follows:

  • build ephemeral sections (uname, os-release), and other proposed sections
  • assemble the final UKI file starting from sd-stub and appending generated section.

func (*Builder) BuildSigned 

func (builder *Builder) BuildSigned(printf func(string, ...any)) error

BuildSigned the UKI file.

BuildSigned process is as follows:

  • sign the sd-boot EFI binary, and write it to the OutSdBootPath
  • build ephemeral sections (uname, os-release), and other proposed sections
  • measure sections, generate signature, and append to the list of sections
  • assemble the final UKI file starting from sd-stub and appending generated section.

type Profile 

type Profile struct {
	ID    string
	Title string

	Cmdline string
}

Profile is a UKI Profile. For now only cmdline is supported.

func (Profile) String 

func (p Profile) String() string

String returns the string representation of the profile that gets adds to the `.profile` section.

type Section 

type Section string

Section is a name of a PE file section (UEFI binary). 

const (
	SectionLinux   Section = ".linux"
	SectionOSRel   Section = ".osrel"
	SectionCmdline Section = ".cmdline"
	SectionInitrd  Section = ".initrd"
	SectionUcode   Section = ".ucode"
	SectionSplash  Section = ".splash"
	SectionDTB     Section = ".dtb"
	SectionUname   Section = ".uname"
	SectionSBAT    Section = ".sbat"
	SectionPCRSig  Section = ".pcrsig"
	SectionPCRPKey Section = ".pcrpkey"
	SectionProfile Section = ".profile"
	SectionDTBAuto Section = ".dtbauto"
	SectionHWIDS   Section = ".hwids"
)

List of well-known section names.

func (Section) String 

func (s Section) String() string

String returns the string representation of the section.

Source Files

View all Source files

Directories

Path Synopsis
internal
pe
Package pe handles appending sections to PE files.
 Package pe handles appending sections to PE files.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.