enclaver | zfsbootmenu
---|---
8 | 161
119 | 763
2.6% | 2.4%
8.1 | 9.2
3 months ago | 3 days ago
Rust | Shell
Apache License 2.0 | MIT License
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
enclaver
-
PostgreSQL Encryption: The Available Options
If you're looking for the best way to take a container and run it with Nitro, I work on https://github.com/edgebitio/enclaver
Works great with Kubernetes as a DaemonSet or straight on a VM.
-
Ask HN: What Are You Working on This Year?
Building a tool for running secure enclaves called Enclaver (https://github.com/edgebitio/enclaver). There is a big opportunity for keeping data encrypted while running code against it within enclaves.
And a more secure software supply chain is possible with device attestation and cryptographic measurements of software.
-
My company open sourced our tool to mix pods with secure enclaves into a regular EKS cluster
Check out the code on GitHub: https://github.com/edgebitio/enclaver
-
Supabase secrets management available in beta
I'm building the "in-use" part of this right now...what if you could encrypt your data with an encryption key (at-rest), _but also_ to a set of code that is allowed to decrypt it (in-use). If that code is identified cryptographically, its identity can't be spoofed or stolen.
We're exploring secure enclaves as the protected runtime env and the code attestation generation: https://github.com/edgebitio/enclaver
- Enclaver - run code in secure enclaves so it can't be observed by any human (like your iPhone enclave, but on AWS servers instead)
- Show HN: Enclaver – create and run secure enclaves
-
What’s the coolest thing you did this year?
I have been building out an open source project called Enclaver, which allows you to wrap sensitive workloads inside of a secure enclave (the same as your iPhone, but on servers). It's intended for anything you don't want observed, like JWT signers, encryption/decryption, partner integrations using highly privileged API keys, etc.
-
The Security Design of the AWS Nitro System
I found the side channel protection and CPU/L1 isolation between customers to be particularly interesting.
Very cool to see the physical hardware interconnects for resetting the system. Also the PCI bus as one of the isolating boundaries.
I have built an open source project for managing Nitro Enclaves (https://github.com/edgebitio/enclaver), so it is cool to see how these build on this foundation to provide even more protection.
zfsbootmenu
-
Bash Debugging
We use a couple nice home-grown functions in ZFSBootMenu to help debug things. We have a zdebug logging function that's peppered liberally throughout the code base - https://github.com/zbm-dev/zfsbootmenu/blob/master/zfsbootme...
Hitting ctrl-t on our main menu will, when booting with debug logging enabled, show a screen like this: https://imgur.com/Ge75zkP
We also have a flamegraph profiling mechanism that can be enabled with https://github.com/zbm-dev/zfsbootmenu/blob/master/zfsbootme... . That will dump data to a serial port, which when re-assembled, can be used to produce a graph like https://raw.githubusercontent.com/zbm-dev/zfsbootmenu/master...
Bash is surprisingly flexible.
-
Pure Bash Bible
A lot of what's in the Pure Bash Bible is horrifically slow. Many of those things are substantially faster, even when paying the cost of starting a new process, when you use an external and commonly available tool. I wrote a bash performance profiler that outputs data in a format that flamegraph.pl recognizes - it really helped identify where we could improve the performance of ZFSBootMenu.
https://github.com/zbm-dev/zfsbootmenu/releases/tag/v1.12.0
Don't fall in the trap of thinking things have to be written entirely in bash; it's okay to use other tools to help fill in the gaps.
-
Some preinstalled options/defaults suggestion
If instead of "opensuse" you're asking about the bootloader, as grub can't boot from zfs, then, like I mentioned, I don't use grub2, I uninstalled it, instead I'm using https://github.com/zbm-dev/zfsbootmenu
-
ZFSBootMenu how to increase font resolution?
I thought the following was supposed to fix this issue: https://github.com/zbm-dev/zfsbootmenu/commit/84da18e64ebcc0c483e7b2c7d3972f7d91784e63
-
How do I configure the refind.conf and refind_linux.conf (and or config.yaml (for ZFSBootMenu)) files properly when installing Arch Linux with ZFS Native Encryption?
All release assets, including EFI executables and kernel/initramfs pairs, are signed with signify, which provides a simple method for verifying that the contents of the file are as this project intended. Once you've installed signify (that's left as an exercise, although Void Linux provides the signify package for this purpose), just download the desired assets from the ZFSBootMenu release page, download the file sha256.sig alongside it, and run:
-
How to keep Ubuntu from creating a dozen /var subdirectories?
I think the consensus is that you probably shouldn't be installing a ZFS on root using the native installer anymore. They aren't really maintaining the packages that make that work. Instead the suggestion is to go the zfsbootmenu route of installing.
-
Cloned my root dataset and now it won't boot because NTP daemon can't reach time servers
Glad to hear that everything is working for you! I've opened a PR that adds a warning about this condition - it should likely make it into 2.2.0.
-
Ubuntu 23.04 Desktop's New Installer Set To Ship Without OpenZFS Install Support
You can install following instructions at https://openzfs.github.io/openzfs-docs/Getting%20Started/Debian/Debian%20Bullseye%20Root%20on%20ZFS.html which I've automated with https://github.com/HankB/Linux_ZFS_Root/tree/master/Debian. For scripting, you should also look at https://github.com/zbm-dev/zfsbootmenu. I'd probably go that way if I were starting from scratch.
-
Void Linux and root-on-ZFS question
ZBM provides an amazingly useful script in its wiki here. This runs when a new kernel is updated by xbps and it snapshots your system before the kernel is installed. This creates a boot environment, and via the magic of ZFS boot environments, allows you to rollback any kernel update to a known, working configuration.
-
When root on ZFS breaks on Arch Linux
* https://docs.oracle.com/cd/E86824_01/html/E54764/beadm-1m.ht...
> A ZFS boot environment is a bootable clone of the datasets needed to boot the operating system. Creating a BE before performing an upgrade provides a low-cost safeguard: if there is a problem with the update, the system can be rebooted back to the point in time before the upgrade.
* https://klarasystems.com/articles/managing-boot-environments...
Or perhaps:
> In essence, ZFSBootMenu is a small, self-contained Linux system that knows how to find other Linux kernels and initramfs images within ZFS filesystems. When a suitable kernel and initramfs are identified (either through an automatic process or direct user selection), ZFSBootMenu launches that kernel using the kexec command.
* https://github.com/zbm-dev/zfsbootmenu