This is bolt 0.6 'Make the firmware do it!'

New Features:

  • pre-boot access control list, a.k.a. BootACL, support [!119]

    • domain objects are now persistent
      • new Uid (dbus) / uid (object) property derived from the uuid of the device representing the root switch
      • sysfs and id attributes will be set/unset on connects and disconnects
      • domains are now stored in the boltd database
    • domains got the BootACL (dbus) / bootacl (object) property
      • uuids can be added, removed or set in batch
      • when domain is online: changes are written to the sysfs boot_acl attribute directly
      • when domain is offline: changes are written to a journal and then reapplied in order when the domain is connected
    • newly enrolled devices get added to all bootacls of all domains if the policy is BOLT_POLICY_AUTO
    • removed devices get deleted from all bootacls of all domains
    • boltctl domain command will show the bootacl slots and their content
  • boltctl gained the -U, --uuid option, to control how uuids are printed [!124]
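
Added example (not part of the release notes or of bolt's code): a small Python model of the BootACL update rule listed above, with direct writes while the domain is online and an in-order journal replay on connect. The Domain class, the '+'/'-' journal entries, the refusal when no slot is free, and the UUIDs are assumptions made for illustration; the comma-separated slot list with empty fields for unused slots follows the kernel's boot_acl attribute.

```python
# Model only: names and journal format are hypothetical, not boltd's.
FREE = ""  # an unused slot is an empty field in the comma-separated list

# Constructed sample UUIDs
DOCK = "00000000-0000-0000-0000-00000000000a"
DISK = "00000000-0000-0000-0000-00000000000b"


def apply_op(slots, op, uuid):
    """Return a new slot list with one '+' (add) or '-' (remove) applied."""
    if op not in ("+", "-"):
        raise ValueError("unknown journal op: %r" % (op,))
    slots = list(slots)
    if op == "+" and uuid not in slots:
        if FREE not in slots:
            # Assumption of this model: refuse rather than evict an entry.
            raise ValueError("no free boot_acl slot")
        slots[slots.index(FREE)] = uuid
    elif op == "-" and uuid in slots:
        slots[slots.index(uuid)] = FREE
    return slots


class Domain:
    """Hypothetical stand-in for a persistent domain object."""

    def __init__(self):
        self.slots = None   # live boot_acl slots; None while offline
        self.journal = []   # pending (op, uuid) changes, oldest first

    def change(self, op, uuid):
        if self.slots is not None:      # online: write through
            self.slots = apply_op(self.slots, op, uuid)
        else:                           # offline: record for later
            self.journal.append((op, uuid))

    def connect(self, sysfs_text):
        """Read the attribute value, then replay the journal in order."""
        self.slots = sysfs_text.strip().split(",")
        for op, uuid in self.journal:
            self.slots = apply_op(self.slots, op, uuid)
        self.journal.clear()
        return ",".join(self.slots)


def demo():
    """Enroll two devices and remove one while offline, then connect."""
    d = Domain()
    for op, uuid in (("+", DOCK), ("+", DISK), ("-", DOCK)):
        d.change(op, uuid)
    return d.connect(",,,")  # constructed 4-slot, all-empty attribute value
```

Replay order is what keeps a removal from being lost: a device enrolled and then removed while the domain was offline ends up absent from the list, so the firmware will not authorize it before boot.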

Improvements and fixes:

  • Testing [!127]

    • The test coverage increased to 84.80% overall and to 90.0% for the boltd source
    • Coverage is reported for merge requests via the fedora ci image [!126]
    • boltctl is now included in the tests [!132]
    • Fedora 29 is used for the fedora ci image
  • Bugs and robustness:

    • The device state is verified in Device.Authorize [!120]
    • Handle empty 'keys' sysfs device attribute [!129]
    • Properly adjust policies when enrolling already authorized devices [!136]
    • Fix potential crash when logging g_return_if_fail assertions [!121]