Authenticated Boot and Disk Encryption on Linux

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Tpm Coreboot luks Bootrom Xen

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured

  • safeboot

    Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support

    • There have been a number of attempts to solve this problem, but the most complete appear to be Mortar (a project I head) and safeboot.dev

    I highly recommend taking a look at either of these projects if you want be able to improve both your convenience through auto unlocking, and security through broadened scope of audit.

    https://github.com/noahbliss/mortar

    https://safeboot.dev

  • cryptboot

    Encrypted boot partition manager with UEFI Secure Boot support

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • sbctl

    :computer: :lock: :key: Secure Boot key manager

    • This is essentially what me and Trammell Hudson has been thinking about. But I don't have any available machines to test this with, and I haven't gotten around to setting up a QEMU vm to test out this theory.

    https://github.com/Foxboron/sbctl/issues/85#issuecomment-886...

  • tpm2-totp

    Attest the trustworthiness of a device against a human using time-based one-time passwords

    • >But okay, you may extend my attack by saying that you exchange the motherboard between the victim and the attacker laptop, so that you don't need to replicate the chassis.

    Modern computers has tamper detection and if you open them you'll need to type the BIOS password.

    However, replacing the motherboard is going to replace the TPM. This is easily detectable with something like tpm2_totp in the bootchain.

    https://github.com/tpm2-software/tpm2-totp

  • mortar

    Framework to join Linux's physical security bricks.

    • There have been a number of attempts to solve this problem, but the most complete appear to be Mortar (a project I head) and safeboot.dev

    I highly recommend taking a look at either of these projects if you want be able to improve both your convenience through auto unlocking, and security through broadened scope of audit.

    https://github.com/noahbliss/mortar

    https://safeboot.dev

  • heads

    A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.

  • btrfs-todo

    An issues only repo to organize our TODO items

    • fscrypt support for btrfs is still being planned; see the most recent comments at https://github.com/btrfs/btrfs-todo/issues/25

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Thinkpad W530 No GPU output

    1 project | /r/coreboot | 23 Jun 2023

  • Live OS needs a new name, what should it be?

    1 project | /r/i2p | 22 Nov 2022

  • Heads: Minimal Linux that runs as coreboot payload to provide secure environment

    1 project | news.ycombinator.com | 8 Oct 2022

  • Grub, Syslinux, or another bootloader?

    2 projects | /r/Gentoo | 6 Oct 2022

  • verify secure flash

    1 project | /r/coreboot | 3 Sep 2022