Adolfo Delorenzo
efc7f80b65
Security hardening: bind kubeconfig server to localhost, mount hardening (noexec/nosuid/nodev on tmpfs), sysctl network hardening, kernel module loading lock after boot, SHA256 checksum verification for downloads, kernel AppArmor + Audit support, complain-mode AppArmor profiles for containerd and kubelet, and security integration test. ARM64 Raspberry Pi support: piCore64 base extraction, RPi kernel build from raspberrypi/linux fork, RPi firmware fetch, SD card image with 4- partition GPT and tryboot A/B mechanism, BootEnv Go interface abstracting GRUB vs RPi boot environments, architecture-aware build scripts, QEMU aarch64 dev VM and boot test. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
28 lines
972 B
Go
28 lines
972 B
Go
// Package bootenv provides a platform-independent interface for managing
|
|
// A/B boot environments. It abstracts GRUB (x86_64) and RPi firmware
|
|
// (ARM64) behind a common interface.
|
|
package bootenv
|
|
|
|
// BootEnv provides read/write access to A/B boot environment variables.
|
|
type BootEnv interface {
|
|
// ActiveSlot returns the currently active boot slot ("A" or "B").
|
|
ActiveSlot() (string, error)
|
|
// PassiveSlot returns the currently passive boot slot.
|
|
PassiveSlot() (string, error)
|
|
// BootCounter returns the current boot counter value.
|
|
BootCounter() (int, error)
|
|
// BootSuccess returns whether the last boot was marked successful.
|
|
BootSuccess() (bool, error)
|
|
// MarkBootSuccess marks the current boot as successful.
|
|
MarkBootSuccess() error
|
|
// ActivateSlot switches the active boot slot and resets the counter.
|
|
ActivateSlot(slot string) error
|
|
// ForceRollback switches to the other slot immediately.
|
|
ForceRollback() error
|
|
}
|
|
|
|
const (
|
|
SlotA = "A"
|
|
SlotB = "B"
|
|
)
|