linux-secureboot-kit
mortar
| linux-secureboot-kit | mortar | |
|---|---|---|
| 1 | 17 | |
| 66 | 208 | |
| - | - | |
| 0.3 | 5.9 | |
| over 3 years ago | 5 months ago | |
| Shell | Shell | |
| MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
linux-secureboot-kit
-
Linux-native TPM-backed Bitlocker
u/Richard__M I am not sure how much you've dug into the architecture of Mortar, but TL;DR it bypasses grub entirely. A friend of mine developed Snawoot/linux-secureboot-kit which leverages grub's GPG capabilities to essentially daisy-chain trust and accomplish the same thing, but ran into frustrations with broken implementations of the feature with some distributions (*ahem* debian). In my opinion, chaining trust also introduces complexity which case lead to security vulnerabilities both from the software being chained, and through "oops" coding trying to get them to play nicely.
mortar
-
WTF is a KDF? A startling revelation from a French prison
Bruteforce of such random password is just not plausible and talks about KDF "weakness" is just a distraction. I think most likely it was evil maid attack.
Here are projects which try to mitigate some of evil maid attack risks:
https://github.com/noahbliss/mortar
https://safeboot.dev/
-
Installation with full-disk, two-factor encryption, secure boot, and TPM
Secure boot and TPM support (à la Mortar: https://github.com/noahbliss/mortar)
-
Complying with the future: Secure Boot and TPM unclocking
There are tools that look to be able to automate it: https://github.com/noahbliss/mortar/blob/master/docs/proxmox-install.md
-
Prevent backup of vTPM2.0 state?
I just went through the process of setting up new ubuntu VM's using full root disk LUKS encryption and auto-unlock via Proxmox's vTPM2.0 and UEFI ( via this extremely helpful resource https://github.com/noahbliss/mortar )
-
tpm2 + luks + ubuntu 18 setup?
I have used this project with Debian+proxmox and it's been working great. https://github.com/noahbliss/mortar but I did read the arch wiki a bit which helped my understanding.
-
What do you don't like about Linux? What is Windows doing better?
There's a project called "mortar" (as in, gluing all these bricks together) that was attempting to simplify this. Though it's lost steam, reading through it's simple bash scripts was a great place to start for me. This guide for Fedora also helped a lot.
-
Authenticated Boot and Disk Encryption on Linux
There have been a number of attempts to solve this problem, but the most complete appear to be Mortar (a project I head) and safeboot.dev
I highly recommend taking a look at either of these projects if you want be able to improve both your convenience through auto unlocking, and security through broadened scope of audit.
https://github.com/noahbliss/mortar
https://safeboot.dev
-
Best Evil Maid prototcol for Linux?
Check out mortar. It uses secure boot and TPM along with LUKS. The creator is super helpful and available on the telegram.
-
Mount encrypted volume at boot?
A more advanced approach would be something like mortar to chain-load signed stuff.
-
Will Proxmox be able to run Windows 11?
There seems to be a workable solution out there for 2.0: https://github.com/noahbliss/mortar/blob/master/docs/proxmox-install.md
What are some alternatives?
clevis - Automated Encryption Framework
sbctl - :computer: :lock: :key: Secure Boot key manager
safeboot - Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support
swtpm - Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.
TrustedGRUB2 - DEPRECATED TPM enabled GRUB2 Bootloader
EMBA - EMBA - The firmware security analyzer
solo1 - Solo 1 firmware in C
qubes-antievilmaid - Qubes component: antievilmaid
better-initramfs - Small and reliable initramfs solution supporting (remote) rescue shell, lvm, dmcrypt luks, software raid, tuxonice, uswsusp and more.
mkinitcpio - Arch Linux initramfs generation tools (read-only mirror)