Boot Configuration Integrity
Boot Configuration Integrity automatically verifies the integrity of the boot configuration (found in the CLI under the ‘/boot’ context menu or in the web interface under ‘Maintenance->Boot Settings’). This feature is enabled on platforms using the barebox bootloader.
Overview
The main idea behind this feature is to have both the bootloader and WeOS check the validity of the bootloader environment variables and, in the case of unauthorized modifications, warn about it. The bootloader will print a warning on the serial console, and WeOS will log the integrity violation in the audit log on every boot and trigger an alarm. Because an alarm is set, WeOS implicitly sets the Power On LED to red. Changes to the boot configuration are prohibited when a violation is detected.
Note: There are situations when upgrading and downgrading that can result in a Boot Configuration Integrity violation. If that occurs, use the steps below to clear the violation alarm.
Clearing integrity violation
To clear the integrity violation, use the boot-integrity restore command under the ‘/boot/loader’ configuration context, or use the web interface under ‘Maintenance->Boot Settings’. Restoring is logged to the audit log, and the alarm is cleared on reboot. Check that the settings are correct before doing a restore.