lanzaboote
sandkasten
lanzaboote | sandkasten | |
---|---|---|
4 | 1 | |
671 | 23 | |
7.7% | - | |
8.9 | 9.3 | |
5 days ago | 4 days ago | |
Rust | Rust | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
lanzaboote
-
What is there to NixOS that is not just `nix` the package/config/whatever manager?
Easy peasy secure boot with lanzaboote
-
Lanzaboote vs. bootspec-secureboot
I know of two projects for supporting Secure Boot on NixOS: Lanzaboote and bootspec-secureboot.
-
Nix-Powered Development with OCaml
Afaik it's not finished yet, but there recently has been quite a lot of activity regarding secureboot for nixos https://github.com/nix-community/lanzaboote/
-
It it secure to store LUKS full disk encryption keys in the TPM nowadays?
I've installed NixOS (a Linux distribution) to TerraMaster F2-423 NAS and enabled Secure boot with lanzaboote and LUKS full disk encryption. I enrolled my own secure boot keys becuase that looked like a requirement.
sandkasten
-
Sandboxing C++, Rust, Python Code?
The code is available on GitHub (https://github.com/Defelo/sandkasten) and there is also a link to a public test instance in the readme. Feel free to let me know if this is useful to you or if something is unclear. Any kind of feedback is appreciated!
What are some alternatives?
runix - A type-safe Rust interface to the Nix CLI
nsjail - A lightweight process isolation tool that utilizes Linux namespaces, cgroups, rlimits and seccomp-bpf syscall filters, leveraging the Kafel BPF language for enhanced security.
nixos-apple-silicon - Resources to install NixOS bare metal on Apple Silicon Macs
deadnix - Scan Nix files for dead code
flambda-backend - The Flambda backend project for OCaml
forkfs - ForkFS allows you to sandbox a process's changes to your file system.
ocaml-flake-example - An overly elaborate example of building a ‘Hello World’ package with Nix flakes, OCaml, and Dune
wasmer - 🚀 The leading Wasm Runtime supporting WASIX, WASI and Emscripten
devenv - Fast, Declarative, Reproducible, and Composable Developer Environments
wasmtime - A fast and secure runtime for WebAssembly
nixos-cfgs - my NixOS system configs
utoipa - Simple, Fast, Code first and Compile time generated OpenAPI documentation for Rust