Explore >> Select a destination
|
You are here 
|
linderud.dev | ||
| | | | |
debugging.works
|
|
| | | | | A simple demo who to backdoor to break linux full disk encryption | |
| | | | |
blog.jak-linux.org
|
|
| | | | | Today, I wrote sicherboot, a tool to integrate systemd-boot into a Linux distribution in an entirely new way: With secure boot support. To be precise: The use case here is to only run trusted code which then unmounts an otherwise fully encrypted disk, as in my setup: If you want, sicherboot automatically creates db, KEK, and PK keys, and puts the public keys on your EFI System Partition (ESP) together with the KeyTool tool, so you can enroll the keys in UEFI. You can of course also use other keys, you just need to drop a db.crt and a db.key file into /etc/sicherboot/keys. It would be nice if sicherboot could enroll the keys directly in Linux, but there seems to be a bug in efitools preventing that at the moment. For some background: The Platform Key (PK) signs the Key Exchange Key (KEK) which signs the database key (db). The db key is the one signing binaries. | |
| | | | |
github.com
|
|
| | | | | :computer: :lock: :key: Secure Boot key manager. Contribute to Foxboron/sbctl development by creating an account on GitHub. | |
| | | | |
www.cybereason.com
|
|
| | | A critical, unauthenticated remote code execution vulnerability, tracked as CVE-2025-32433, have been discovered in Erlang/OTP's SSH implementation. | ||
