stconfig tool

The stconfig tool provides functionality to create and manipulate a boot ball based on a configuration.

Since the toole works closely with the stboot bootloader, its sources are hostet at the u-root project (stboot branch)

If you already downloaded the u-root git repository and system-transparency git repository, you only need to run the the following inside system-transparency:


When installed the tool supports the following functionality:

stconfig create <path/to/stconfig.json> [-o filename.ball]

This creates a unsigned stboot.ball from a given stconfig.json

stconfig sign <path/to/stboot.ball> <path/to/rsa-public-key> <path/to/rsa-cert>

Sign signs a given stboot.ballcryptographically with the given key and certificate.

stconfig unpack <path/to/stboot.ball>

Unpack takes a given stboot.ball and unpacks it to a directory and tells you the path of the directory. It can be used to insept the stboot.ball

Edit on GitHub