-
safeboot
Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
tpm2-totp
Attest the trustworthiness of a device against a human using time-based one-time passwords
-
heads
A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
There have been a number of attempts to solve this problem, but the most complete appear to be Mortar (a project I head) and safeboot.dev
I highly recommend taking a look at either of these projects if you want be able to improve both your convenience through auto unlocking, and security through broadened scope of audit.
https://github.com/noahbliss/mortar
https://safeboot.dev
This is essentially what me and Trammell Hudson has been thinking about. But I don't have any available machines to test this with, and I haven't gotten around to setting up a QEMU vm to test out this theory.
https://github.com/Foxboron/sbctl/issues/85#issuecomment-886...
>But okay, you may extend my attack by saying that you exchange the motherboard between the victim and the attacker laptop, so that you don't need to replicate the chassis.
Modern computers has tamper detection and if you open them you'll need to type the BIOS password.
However, replacing the motherboard is going to replace the TPM. This is easily detectable with something like tpm2_totp in the bootchain.
https://github.com/tpm2-software/tpm2-totp
There have been a number of attempts to solve this problem, but the most complete appear to be Mortar (a project I head) and safeboot.dev
I highly recommend taking a look at either of these projects if you want be able to improve both your convenience through auto unlocking, and security through broadened scope of audit.
https://github.com/noahbliss/mortar
https://safeboot.dev
fscrypt support for btrfs is still being planned; see the most recent comments at https://github.com/btrfs/btrfs-todo/issues/25