-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Trusted Computed Base (or TCB) is the essential core components of a
system, critical to its security. In mktcb
, we implicitely refer to software
components, such as the bootloader (e.g. U-Boot) or kernels (e.g.
Linux). This project aims at easily storing and using TCB configurations to rebuild them either as releases are published or to rebuild the binary from scratch. The key in the process being reproducibility and traceability.
-
File System Reference: understand how to use the library and what
mktcb
does with the file system. - Configuration Reference: learn what to write in configuration files.
As an illustrative example, we will use the example library as a basis. We will use one target: the nanopi-r1. The goal is to regularly generate a debian package of the Linux kernel.
The following command, if run from the top source directory of mktcb
(assuming mktcb
is in your PATH
) will fetch the latest Linux revision corresponding to the version written in the configuration for the nanopi-r1. It will then generate the linux-image
debian package, generated from the sources of Linux.
mktcb -L examples -t nanopi-r1 linux --fetch --make bindeb-pkg
Note that the job of mktcb
stops here. You may want to have a look at dedicated tools, such as reprepro to handle the generated artifacts.