New Features:
pre-boot access control list, aka.
BootACL
support [!119]- domains objects are now persistent
- new
Uid
(dbus) /uid
(object) property derived from the uuid of the device representing the root switch
sysfs
andid
attribute will be set/unset on connects and disconnects
- domains are now stored in the boltd database
- domains got the
BootACL
(dbus) /bootacl
(object) property
- uuids can be added, removed or set in batch
- when domain is online: changes are written to the sysfs
boot_acl
attribute directly
- when domain is offline: changes are written to a journal and then reapplied in order when the domain is connected
- newly enrolled devices get added to all bootacls of all domains if the
policy
isBOLT_POLICY_AUTO
- removed devices get deleted from all bootacls of all domains
boltacl domain
command will show the bootacl slots and their content
- domains objects are now persistent
boltctl
gained the-U, --uuid
option, to control how uuids are printed [!124]
Improvements and fixes:
Testing [!127]
- The test coverage increased to
84.80%
overall and to90.0%
for theboltd
source
- Coverage is reported for merge requests via the fedora ci image [!126]
boltctl
is now included in the tests [!132]
- Fedora 29 is used for the fedora ci image
- The test coverage increased to
Bugs and robustness:
- The device state is verified in
Device.Authorize
[!120]
- Handle empty 'keys' sysfs device attribute [!129]
- Properly adjust policies when enrolling already authorized devices [!136]
- Fix potential crasher when logging assertions
g_return_if_fail
[!121]
- The device state is verified in