cryptboot
Encrypted boot partition manager with UEFI Secure Boot support (by xmikos)
safeboot
Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support (by osresearch)
| cryptboot | safeboot |
|---|---|
| 5 | 6 |
| 199 | 264 |
| - | - |
| 0.0 | 0.0 |
| 5 months ago | over 1 year ago |
| Shell | Shell |
| GNU General Public License v3.0 only | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cryptboot
Posts with mentions or reviews of cryptboot.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-01-18.
- Setting up Secure Boot, but the wiki doesn't provide enough info I think
I just completely cheated by using cryptboot. Then it is as simple as cryptboot-efikeys create, then to enroll them into your UEFI, cryptboot-efikeys enroll and finally to sign any efi executable (or any file), cryptboot-efikeys sign $FILE. There are other helper scripts, but I don't use them. Full documentation is on their GitHub: https://github.com/xmikos/cryptboot. Good luck!
- Authenticated Boot and Disk Encryption on Linux
- Physical security tips & recommendations
Prevent evil maid by bringing your devices everywhere. Or you can just switch to GNU/Linux and add https://github.com/xmikos/cryptboot
- Unencrypted boot partition risks
I think it was this one: https://github.com/xmikos/cryptboot
- Cool new things on linux world for fresh installation and a bit of my usage different things.
Also, I am pretty sure that you can only have encrypted /boot if you use GRUB. The point of doing so is not really to make sure nobody reads it (there isn't anything interesting on /boot by default), but to make sure that nobody can tamper with it (ignoring the encryption vs authenticated encryption discussion). However, you still have to make sure nobody can tamper with GRUB itself. You might want to check out https://github.com/xmikos/cryptboot if this sounds interesting. Also, there are similar solutions that don't use encrypted /boot, for example booting from signed EFISTUBs, see https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/Secure_Boot#Implementing_Secure_Boot. Also, I don't actually use this kind of setup personally (albeit I'd like to one day), and I am certainly not a security expert, so take this whole paragraph with a big grain of salt, and double check with somebody who actually knows what they are talking about.
safeboot
Posts with mentions or reviews of safeboot.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-09-23.
- I have a potentially odd question about unlocking my root partition automatically at boot
You should look at safeboot.dev, they have some code to unseal a LUKS key without totally screwing up your system security. Alternatively systemd-boot has a module that supports it.
- Authenticated Boot and Disk Encryption on Linux
- Actually secure boot (on Fedora)
See e.g. https://github.com/osresearch/safeboot/issues/84 for an example of this OpROM issue on an MSI board.
- A simple boot setup with SecureBoot
The details can however be found here https://github.com/osresearch/safeboot/issues/84
- Linux-native TPM-backed Bitlocker
Why a separate software and not a collaboration with https://github.com/osresearch/safeboot/ ?
What are some alternatives?
When comparing cryptboot and safeboot you can also consider the following projects:
sbctl - Secure Boot key manager
heads - A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.
dotfiles - My personal dotfiles
clevis - Automated Encryption Framework
linux-secureboot-kit - Tool for complete hardening of Linux boot chain with UEFI Secure Boot
sbupdate - Generate and sign kernel images for UEFI Secure Boot on Arch Linux
TrustedGRUB2 - DEPRECATED TPM enabled GRUB2 Bootloader
mortar - Framework to join Linux's physical security bricks.
tpm2-totp - Attest the trustworthiness of a device against a human using time-based one-time passwords