Explore >> Select a destination
|
You are here 
|
www.berrange.com | ||
| | | | |
blog.jak-linux.org
|
|
| | | | | Today, I wrote sicherboot, a tool to integrate systemd-boot into a Linux distribution in an entirely new way: With secure boot support. To be precise: The use case here is to only run trusted code which then unmounts an otherwise fully encrypted disk, as in my setup: If you want, sicherboot automatically creates db, KEK, and PK keys, and puts the public keys on your EFI System Partition (ESP) together with the KeyTool tool, so you can enroll the keys in UEFI. You can of course also use other keys, you just need to drop a db.crt and a db.key file into /etc/sicherboot/keys. It would be nice if sicherboot could enroll the keys directly in Linux, but there seems to be a bug in efitools preventing that at the moment. For some background: The Platform Key (PK) signs the Key Exchange Key (KEK) which signs the database key (db). The db key is the one signing binaries. | |
| | | | |
www.linux.it
|
|
| | | | | To create a bootable EFI drive to use with QEMU, first make a disk image and create a vfat filesystem on it. $ dd if=/dev/zero of=boot.img bs=1M count=512 $ sudo ... | |
| | | | |
www.linux.it
|
|
| | | | | There are many valid reasons to create a custom Debian Installer image. You may need to pass some special arguments to the kernel, use a different GRUB version, automate ... | |
| | | | |
rajkumaar.co.in
|
|
| | | It was during COVID-19 that I thought of buying a Raspberry Pi 4, purely out of boredom. | ||
