linux-secureboot-kit
safeboot
| | linux-secureboot-kit | safeboot |
|---|---|---|
| Mentions | 1 | 6 |
| Stars | 66 | 264 |
| Growth | - | - |
| Activity | 0.3 | 0.0 |
| Last commit | over 3 years ago | over 1 year ago |
| Language | Shell | Shell |
| License | MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
linux-secureboot-kit
- Linux-native TPM-backed Bitlocker
u/Richard__M I am not sure how much you've dug into the architecture of Mortar, but TL;DR it bypasses grub entirely. A friend of mine developed Snawoot/linux-secureboot-kit which leverages grub's GPG capabilities to essentially daisy-chain trust and accomplish the same thing, but ran into frustrations with broken implementations of the feature with some distributions (*ahem* debian). In my opinion, chaining trust also introduces complexity which can lead to security vulnerabilities both from the software being chained, and through "oops" coding trying to get them to play nicely.
safeboot
- I have a potentially odd question about unlocking my root partition automatically at boot
You should look at safeboot.dev, they have some code to unseal a LUKS key without totally screwing up your system security. Alternatively systemd-boot has a module that supports it
- Authenticated Boot and Disk Encryption on Linux
- Actually secure boot (on Fedora)
See e.g. https://github.com/osresearch/safeboot/issues/84 for an example of this OpROM issue on a MSI board.
- A simple boot setup with SecureBoot
The details can however be found here https://github.com/osresearch/safeboot/issues/84
- Linux-native TPM-backed Bitlocker
Why a separate software and not a collaboration with https://github.com/osresearch/safeboot/ ?
What are some alternatives?
mortar - Framework to join Linux's physical security bricks.
heads - A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.
clevis - Automated Encryption Framework
TrustedGRUB2 - DEPRECATED TPM enabled GRUB2 Bootloader
cryptboot - Encrypted boot partition manager with UEFI Secure Boot support
EMBA - EMBA - The firmware security analyzer
sbctl - Secure Boot key manager
tpm2-totp - Attest the trustworthiness of a device against a human using time-based one-time passwords
t4ub - A tool to get root privileges on GNU/Linux, injecting malware early in the boot chain. It also works on systems with root encrypted partition. Useful to grab LUKS passwords.