heads
A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers. (by linuxboot)
safeboot
Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support (by osresearch)
| heads | safeboot | |
|---|---|---|
| 31 | 6 | |
| 1,380 | 264 | |
| 0.9% | - | |
| 9.5 | 0.0 | |
| 7 days ago | over 1 year ago | |
| Makefile | Shell | |
| GNU General Public License v3.0 only | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
heads
Posts with mentions or reviews of heads.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-04-03.
-
Thinkpad W530 No GPU output
I downloaded the VGA ROM for my Thinkpad W530 for both the Intel IGPU and Nvidia Quadro K1000M using this and configured the build config to use them with the correct PCI ports (8086,0166 10de,0ffc). Everything works fine except the output for both the VGA and the mini DP port. Does anyone have any ideas of what I could be missing here?
-
Can i make full disk encryption more convenient or should i just use an encrypted home dir?
You may be interested in Heads, which is available on Purism laptops under the name PureBoot. Though this really needs a coreboot-capable machine, I think, and isn't something you can just add to your existing UEFI boot chain.
-
Getting LUKS, Btrfs, Hibernation and Swap file working in tandem
You don't need to encrypt anything to verify those images, you just need to sign them. See how Heads does this.
https://github.com/osresearch/heads
-
Live OS needs a new name, what should it be?
Unfortunately there is also the Heads secure firmware: https://osresearch.net/ as well. Otherwise my vote would go to Heads. Liive OS could be pretty hard to optimize in a search engine, they'll think it's misspelled. Could call it "Miles" and just never ack the reference...
- Heads: Minimal Linux that runs as coreboot payload to provide secure environment
-
Grub, Syslinux, or another bootloader?
Heads, https://osresearch.net/
-
verify secure flash
If you worried about malicious changes, there is the write lock protection feature in coreboot that prevents internal flashing. This would require you to flash externally whenever you want to update coreboot. If worried someone will also flash your BIOS externally, you may want to look into Heads
- Dedicated mini PC for Bitcoin transactions with no wifi? Most Raspberry Pi models have wifi and the zero 1.3 seems to have been discontinued
- Physical Key Computer Access
- Is TPM actually anti-consumer?
safeboot
Posts with mentions or reviews of safeboot.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2021-09-23.
-
I have a potentially odd question about unlocking my root partition automatically at boot
You should look at safeboot.dev, they have some code to unseal a LUKS key without totally screwing up your system security. Alternatively systemd-boot has a module that supports it
- Authenticated Boot and Disk Encryption on Linux
-
Actually secure boot (on Fedora)
See e.g. https://github.com/osresearch/safeboot/issues/84 for an example of this OpROM issue on a MSI board.
-
A simple boot setup with SecureBoot
The details can however be found here https://github.com/osresearch/safeboot/issues/84
-
Linux-native TPM-backed Bitlocker
Why a separate software and not a collaboration with https://github.com/osresearch/safeboot/ ?
What are some alternatives?
When comparing heads and safeboot you can also consider the following projects:
skulls - pre-built coreboot images and documentation on how to flash them for Thinkpad Laptops
clevis - Automated Encryption Framework
1vyrain - LiveUSB Bootable exploit chain to unlock all features of xx30 ThinkPad machines. WiFi Whitelist, Advanced Menu, Overclocking.
cryptboot - Encrypted boot partition manager with UEFI Secure Boot support
NanoPi-R4S-OpenWRT - OpenWrt Frimwares for FriendlyARM NanoPi R4S
linux-secureboot-kit - Tool for complete hardening of Linux boot chain with UEFI Secure Boot
EMBA - EMBA - The firmware security analyzer
TrustedGRUB2 - DEPRECATED TPM enabled GRUB2 Bootloader
sbctl - :computer: :lock: :key: Secure Boot key manager
mortar - Framework to join Linux's physical security bricks.
IVprep - Downgrade any xx30 series ThinkPad to an 1vyrain compatible BIOS version.