-
safeboot
Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
linux-secureboot-kit
Discontinued Tool for complete hardening of Linux boot chain with UEFI Secure Boot
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Why a separate software and not a collaboration with https://github.com/osresearch/safeboot/ ?
Hey Richard, the either lack of clevis packages in some distros or various issues working with clevis is why I hope to build out a non-clevis-dependent TPM2 implementation. In the meantime though, most of clevis itself is just bash, you might be able to get lucky installing it manually. https://github.com/latchset/clevis
u/Richard__M I am not sure how much you've dug into the architecture of Mortar, but TL;DR it bypasses grub entirely. A friend of mine developed Snawoot/linux-secureboot-kit which leverages grub's GPG capabilities to essentially daisy-chain trust and accomplish the same thing, but ran into frustrations with broken implementations of the feature with some distributions (*ahem* debian). In my opinion, chaining trust also introduces complexity which case lead to security vulnerabilities both from the software being chained, and through "oops" coding trying to get them to play nicely.
What do you think about https://github.com/Rohde-Schwarz/TrustedGRUB2