Package Details: chkboot 1.2-1

Git Clone URL: https://aur.archlinux.org/chkboot.git (read-only)
Package Base: chkboot
Description: Creates hashes of all files under /boot and warns the user if they are modified
Upstream URL: https://github.com/grazzolini/chkboot
Keywords: boot check security
Licenses: GPL
Conflicts: chkboot-git
Provides: chkboot-git
Replaces: chkboot-git
Submitter: None
Maintainer: grazzolini
Last Packager: grazzolini
Votes: 13
Popularity: 0.001919
First Submitted: 2012-02-23 08:55
Last Updated: 2016-03-09 14:05

Dependencies (3)

Required by (0)

Sources (2)

Latest Comments

grazzolini commented on 2015-08-17 15:02

@noxp
You're right, this hook has some limitations, especially regarding the usage of an EFI system partition as /boot. I am currently planning a complete revamp of this hook, including a merge with https://aur.archlinux.org/packages/mkinitcpio-chkcryptoboot/

It shouldn't be difficult to add a special case for an EFI system partition, since the UEFI specification determines it must be a FAT filesystem. As for the disk head, it backs up the MBR, which on GPT is the protective MBR, unless you are creating your GPT without it. Right now it backs up 512 bytes. But that also backs up the partition table on an MBR disk. If you change your partitioning, it would trigger a false positive chkboot warning.

noxpo commented on 2015-08-16 08:25

Thx for your great work man. My /boot is a FAT32 UEFI System partition on a disk with a GPT label. For this case, I have two suggestions:

1) The number of sectors of the stored disk head should be configurable, I use 34 to cover the entire GPT.

2) The inode and extent fields in the boot file list don't make a lot of sense for a FAT filesystem, how about comparing the first x sectors of the partition head holding the file allocation table?
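
Added example, not part of the thread and not chkboot's own code: the two comments above (a 512-byte backup that mixes boot code with the partition table, and 34 sectors to cover the GPT) point at hashing the disk head by region with a configurable sector count, so that a repartition shows up as a partition-table change instead of an undifferentiated warning. The function names, region labels and the zero-filled sample image are assumptions made for illustration, and `sha256sum` from coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added illustration: hash the disk head in labelled regions.

# SHA-256 of LENGTH bytes starting at byte OFFSET of a device or image file.
region_hash() {  # region_hash <dev> <offset> <length>
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Print "label hash" lines for the first SECTORS 512-byte sectors.
# SECTORS=1 covers the MBR only; 34 also covers the GPT header (LBA 1)
# and the 128-entry partition array (LBA 2-33).
disk_head_manifest() {  # disk_head_manifest <dev> [sectors]
    dev=$1
    sectors=${2:-1}
    echo "bootcode $(region_hash "$dev" 0 446)"     # bytes 0-445
    echo "parttable $(region_hash "$dev" 446 64)"   # four 16-byte entries
    echo "signature $(region_hash "$dev" 510 2)"    # 0x55 0xAA on a real disk
    if [ "$sectors" -gt 1 ]; then
        echo "gpt $(region_hash "$dev" 512 $(( (sectors - 1) * 512 )))"
    fi
}

# Print the label of every region whose hash differs between two manifests.
changed_regions() {  # changed_regions <old_manifest> <new_manifest>
    while read -r label hash; do
        grep -qxF "$label $hash" "$1" || echo "$label"
    done < "$2"
}

# Constructed sample: a zero-filled 34-sector image stands in for a disk.
# Overwrite one byte at OFFSET and report which regions changed.
demo() {  # demo <byte_offset>
    tmp=$(mktemp -d)
    dd if=/dev/zero of="$tmp/disk.img" bs=512 count=34 2>/dev/null
    disk_head_manifest "$tmp/disk.img" 34 > "$tmp/old"
    printf 'X' | dd of="$tmp/disk.img" bs=1 seek="$1" conv=notrunc 2>/dev/null
    disk_head_manifest "$tmp/disk.img" 34 > "$tmp/new"
    changed_regions "$tmp/old" "$tmp/new"
    rm -rf "$tmp"
}

demo 446    # an edit inside the partition table prints only: parttable
```

With the regions reported separately, a `parttable` or `gpt` change after a deliberate repartition can be acknowledged on its own, while a `bootcode` change still stands out.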

grazzolini commented on 2015-05-04 04:38

@pezz
Expect it to be updated today, at most tomorrow. I still haven't fixed all the bugs chkboot-git had.

pezz commented on 2015-05-03 23:33

Would have been nice to have this updated before deleting chkboot-git.

pezz commented on 2014-02-07 00:29

This is great, nice work!

inhies commented on 2014-01-09 16:00

Updated the package version function, thank you sekret.

In the future if anyone else would like to suggest changes/improvements, I invite you to do so on Github at https://github.com/inhies/arch-packages/tree/master/chkboot-pkgbuild

Thanks!

sekret commented on 2013-12-30 10:44

Hi, could you please use another pkgver function, which increments after new releases? I for example use

pkgver() {
    cd "$_pkgname"
    echo "$(git log -1 --format="%cd" --date=short | sed 's|-||g').$(git rev-list --count master)"
}

which right now produces

$ pacman -Qi chkboot-git | grep Version
Version : 20131209.22-1

Nicky726 commented on 2013-08-29 11:29

There may be additional changes needed in the script, if your /boot isn't on /dev/sda1, or you use GPT.

Anonymous comment on 2012-02-23 10:52

check
https://wiki.archlinux.org/index.php/System_Encryption_with_LUKS#Securing_the_unencrypted_boot_partition
for more information