You are here

www.berrange.com

chipnetics.com
8.8 parsecs away

My notes for building the latest Linux kernel, and running the latest firmware, for a more bleeding edge experience.

blog.jak-linux.org
8.4 parsecs away

Today, I wrote sicherboot, a tool to integrate systemd-boot into a Linux distribution in an entirely new way: With secure boot support. To be precise: The use case here is to only run trusted code which then unmounts an otherwise fully encrypted disk, as in my setup: If you want, sicherboot automatically creates db, KEK, and PK keys, and puts the public keys on your EFI System Partition (ESP) together with the KeyTool tool, so you can enroll the keys in UEFI. You can of course also use other keys, you just need to drop a db.crt and a db.key file into /etc/sicherboot/keys. It would be nice if sicherboot could enroll the keys directly in Linux, but there seems to be a bug in efitools preventing that at the moment. For some background: The Platform Key (PK) signs the Key Exchange Key (KEK) which signs the database key (db). The db key is the one signing binaries.

linderud.dev
7.1 parsecs away

A few months ago I wrote up some code for mkinitcpio which teaches it how to create UEFI executables utilizing the systemd stub. The change can be found here: https://github.com/archlinux/mkinitcpio/pull/53 This is a short introduction to why the feature is great, how it makes it easier to boot your system, and how it can be used to better secure your system with something like secure boot.

The Boot Process

For the past decade most computers have two ways to boot.

www.hanselman.com
40.6 parsecs away

UPDATE: Check out the Podcast I did with Erik Meijer on Hanselminutes this week ...