Small refinements

kairos-io · Jan 26, 2024 · 86cca09 · 86cca09
1 parent 22f8d13
commit 86cca09
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 8 deletions.
diff --git a/content/en/docs/Architecture/trustedboot.md b/content/en/docs/Architecture/trustedboot.md
@@ -6,6 +6,9 @@ date: 2022-11-13
 description: >
 ---
 
+{{% alert title="Warning" %}}
+This section is still a work in progress and only available in Kairos v3.x releases and alphas.
+{{% /alert %}}
 
 *FDE* stands for Full Disk Encryption. It is a security measure that encrypts the entire contents of a disk drive, including the operating system, system files, and user data. The purpose of FDE is to protect data stored on the disk from unauthorized access in the event of theft or loss of the device.
 
@@ -17,14 +20,11 @@ By combining Secure Boot, Measured Boot and FDE we can guarantee that a system w
 
 > You can read more about Trusted Boot in https://0pointer.de/blog/brave-new-trusted-boot-world.html and about SENA here: https://kairos.io/blog/2023/04/18/kairos-is-now-part-of-the-secure-edge-native-architecture-by-spectro-cloud-and-intel/
 
-
-
 ### Considerations
 
-
 ### Security considerations
 
-TODO: Design choices (no pivot, no grub, etc)
+TODO: Design choices (no pivot, no grub,)
 
 
 #### Booting command lines

diff --git a/content/en/docs/Installation/trustedboot.md b/content/en/docs/Installation/trustedboot.md
@@ -6,6 +6,11 @@ date: 2022-11-13
 description: >
 ---
 
+
+{{% alert title="Warning" %}}
+This section is still a work in progress and only available in Kairos v3.x releases and alphas.
+{{% /alert %}}
+
 "Trusted Boot" is a combination of technologies that allows us to guarantee that a system was not tampered with, and the user-data is protected by cold attacks, it is composed by FDE, Secure Boot and Measured Boot.
 
 If you want to learn more on what Trusted Boot is and how it works, see the [Trusted Boot Architecture]({{< relref "../architecture/trustedboot" >}}) page. This page describes how to enable Trusted Boot support in Kairos.
@@ -51,7 +56,7 @@ To generate the Secure boot certificates and keys run the following commands:
 
 ```bash
 # Generate the keys
-docker run -v $PWD/keys:/work/keys -ti --rm enki genkey "Kairos" -o /work/keys
+docker run -v $PWD/keys:/work/keys -ti --rm enki genkey "My Kairos" -o /work/keys
 ```
 
 {{% alert title="Warning" %}}
@@ -72,8 +77,28 @@ A video of the process in QEMU is available [here](https://github.com/kairos-io/
 
 To build the installable medium you need to run the following command:
 
+{{% alert title="Warning" %}}
+
+This method is still a work in progress.
+For now build the testing Kairos iso with:
+
+```bash
+# clone the repo
+git clone https://github.com/kairos-io/kairos
+
+# cd into the repo
+cd kairos
+
+# build the iso with Earthly
+earthly +uki-iso --FLAVOR=fedora --FLAVOR_RELEASE=38 --FAMILY=rhel --MODEL=generic --VARIANT=core --BASE_IMAGE=quay.io/kairos/fedora:38-core-amd64-generic-v3.0.0-alpha1
+
+# resulting ISO is in: build/kairos-fedora-38-core-amd64-generic-v3.0.0-alpha1.uki.iso
+```
+
+{{% /alert %}}
+
 ```bash
-CONTAINER_IMAGE=quay.io/kairos/fedora:38-core-amd64-generic-v3.0.0-alpha
+CONTAINER_IMAGE=quay.io/kairos/fedora:38-core-amd64-generic-v3.0.0-alpha1
 docker run --rm -v $PWD/build:/result -v $PWD/keys/:/keys enki build-uki $CONTAINER_IMAGE -o /result/trustedboot.iso -k /keys
 ```
 
@@ -87,6 +112,10 @@ In order to upgrade a node to a new version of the OS, you need to generate agai
 
 To generate the upgrade image you need to create a naked container image containing containing the EFI files, for example:
 
+{{% alert title="Warning" %}}
+Flow not entirely tested/validated yet
+{{% /alert %}}
+
 ```bash
 VERSION=2.5.0-1-g21e04f76.uki
 UKI=kairos-fedora-38-core-amd64-generic-v${VERSION}.efi
@@ -152,11 +181,11 @@ DOCKER
 
 ```bash
 # console only
-docker run --privileged -v $PWD:/work -v /dev/kvm:/dev/kvm --rm -ti fedora-qemu -cdrom /work/kairos-fedora-38-core-amd64-generic-v2.5.0-1-g21e04f76.uki.iso -nographic
+docker run --privileged -v $PWD:/work -v /dev/kvm:/dev/kvm --rm -ti fedora-qemu -cdrom /work/kairos-fedora-38-core-amd64-generic-v3.0.0-alpha1.uki.iso -nographic
 
 # GTK (insecure)
 # xhost si:localuser:root # give access to root account to connect to the X server socket
-# docker run -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --privileged -v $PWD:/work -v /dev/kvm:/dev/kvm --rm -ti fedora-qemu -cdrom /work/kairos-fedora-38-core-amd64-generic-v2.5.0-1-g21e04f76.uki.iso
+# docker run -e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix --privileged -v $PWD:/work -v /dev/kvm:/dev/kvm --rm -ti fedora-qemu -cdrom /work/kairos-fedora-38-core-amd64-generic-v3.0.0-alpha1.uki.iso
 ```
 
 Note: To stop the QEMU container you can use `Ctrl-a x` or `Ctrl-a c` to enter the QEMU console and then `quit` to exit.