|
You are here |
blog.bofh.it | ||
| | | | |
www.berrange.com
|
|
| | | | | [AI summary] The blog post discusses experimenting with sd-boot and unified kernel images in a KVM virtual machine to simplify boot processes in confidential computing environments. | |
| | | | |
blog.jak-linux.org
|
|
| | | | | Today, I wrote sicherboot, a tool to integrate systemd-boot into a Linux distribution in an entirely new way: With secure boot support. To be precise: The use case here is to only run trusted code which then unmounts an otherwise fully encrypted disk, as in my setup: If you want, sicherboot automatically creates db, KEK, and PK keys, and puts the public keys on your EFI System Partition (ESP) together with the KeyTool tool, so you can enroll the keys in UEFI. You can of course also use other keys, you just need to drop a db.crt and a db.key file into /etc/sicherboot/keys. It would be nice if sicherboot could enroll the keys directly in Linux, but there seems to be a bug in efitools preventing that at the moment. For some background: The Platform Key (PK) sig... | |
| | | | |
copyninja.in
|
|
| | | | | ||
| | | | |
www.saminiir.com
|
|
| | | Yet Another Hacker Blog (YAHB). UNIX, Networking, Self-Improvement. | ||