Explore >> Select a destination
|
You are here 
|
copyninja.in | ||
| | | | |
chrismcleod.dev
|
|
| | | | | Chris McLeod is a software developer with over 20 years of experience. Sometimes he writes about it. | |
| | | | |
blog.jak-linux.org
|
|
| | | | | Today, I wrote sicherboot, a tool to integrate systemd-boot into a Linux distribution in an entirely new way: With secure boot support. To be precise: The use case here is to only run trusted code which then unmounts an otherwise fully encrypted disk, as in my setup: If you want, sicherboot automatically creates db, KEK, and PK keys, and puts the public keys on your EFI System Partition (ESP) together with the KeyTool tool, so you can enroll the keys in UEFI. You can of course also use other keys, you just need to drop a db.crt and a db.key file into /etc/sicherboot/keys. It would be nice if sicherboot could enroll the keys directly in Linux, but there seems to be a bug in efitools preventing that at the moment. For some background: The Platform Key (PK) sig... | |
| | | | |
blog.lewman.com
|
|
| | | | | TL;DR I finally found a few hours to setup 'secure boot' on... | |
| | | | |
gabevenberg.com
|
|
| | | I've been using Arch Linux for several years now. Of course, my first installs were... blunderous, as i wanted to do full disk encryption from the get-go, and I didn't know what I was doing. After those first one or two installs, I generally settled on LVM on LUKS with a GRUB bootloader and my swap on an LVM volume, mostly because it makes it much easier to setup hibernation/suspend to disk vs, say, a swap file. | ||
