home.social

#measuredboot — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #measuredboot, aggregated by home.social.

  1. @Gentoo_eV Given that I get a KVM console in time, I will demonstrate my installation guide (gentoo.duxsco.de/) in English using a #Hetzner dedicated server.

    • What? Beyond Secure Boot – Measured Boot on Gentoo Linux?
    • When? Saturday, 2024-10-19 at 18:00 UTC (20:00 CEST)
    • Where? Video call via BigBlueButton: bbb.gentoo-ev.org/

    The final setup will feature:

    • #SecureBoot: All EFI binaries and unified kernel images are signed.
    • #MeasuredBoot: #clevis and #tang will be used to check the system for manipulations via #TPM 2.0 PCRs and for remote LUKS unlock (you don't need tty).
    • Fully encrypted: Except for ESPs, all partitions are #LUKS encrypted.
    • #RAID: Except for ESPs, #btrfs and #mdadm based #RAID are used for all partitions.
    • Rescue System: A customised #SystemRescue (system-rescue.org/) supports SSH logins and provides a convenient chroot.sh script.
    • Hardened #Gentoo #Linux for a highly secure, high stability production environment.
    • If enough time is left at the end, #SELinux which provides Mandatory Access Control using type enforcement and role-based access control
  2. @Gentoo_eV Given that I get a KVM console in time, I will demonstrate my installation guide (gentoo.duxsco.de/) in English using a #Hetzner dedicated server.

    • What? Beyond Secure Boot – Measured Boot on Gentoo Linux?
    • When? Saturday, 2024-10-19 at 18:00 UTC (20:00 CEST)
    • Where? Video call via BigBlueButton: bbb.gentoo-ev.org/

    The final setup will feature:

    • #SecureBoot: All EFI binaries and unified kernel images are signed.
    • #MeasuredBoot: #clevis and #tang will be used to check the system for manipulations via #TPM 2.0 PCRs and for remote LUKS unlock (you don't need tty).
    • Fully encrypted: Except for ESPs, all partitions are #LUKS encrypted.
    • #RAID: Except for ESPs, #btrfs and #mdadm based #RAID are used for all partitions.
    • Rescue System: A customised #SystemRescue (system-rescue.org/) supports SSH logins and provides a convenient chroot.sh script.
    • Hardened #Gentoo #Linux for a highly secure, high stability production environment.
    • If enough time is left at the end, #SELinux which provides Mandatory Access Control using type enforcement and role-based access control
  3. @Gentoo_eV Given that I get a KVM console in time, I will demonstrate my installation guide (gentoo.duxsco.de/) in English using a #Hetzner dedicated server.

    • What? Beyond Secure Boot – Measured Boot on Gentoo Linux?
    • When? Saturday, 2024-10-19 at 18:00 UTC (20:00 CEST)
    • Where? Video call via BigBlueButton: bbb.gentoo-ev.org/

    The final setup will feature:

    • #SecureBoot: All EFI binaries and unified kernel images are signed.
    • #MeasuredBoot: #clevis and #tang will be used to check the system for manipulations via #TPM 2.0 PCRs and for remote LUKS unlock (you don't need tty).
    • Fully encrypted: Except for ESPs, all partitions are #LUKS encrypted.
    • #RAID: Except for ESPs, #btrfs and #mdadm based #RAID are used for all partitions.
    • Rescue System: A customised #SystemRescue (system-rescue.org/) supports SSH logins and provides a convenient chroot.sh script.
    • Hardened #Gentoo #Linux for a highly secure, high stability production environment.
    • If enough time is left at the end, #SELinux which provides Mandatory Access Control using type enforcement and role-based access control
  4. @Gentoo_eV Given that I get a KVM console in time, I will demonstrate my installation guide (gentoo.duxsco.de/) in English using a #Hetzner dedicated server.

    • What? Beyond Secure Boot – Measured Boot on Gentoo Linux?
    • When? Saturday, 2024-10-19 at 18:00 UTC (20:00 CEST)
    • Where? Video call via BigBlueButton: bbb.gentoo-ev.org/

    The final setup will feature:

    • #SecureBoot: All EFI binaries and unified kernel images are signed.
    • #MeasuredBoot: #clevis and #tang will be used to check the system for manipulations via #TPM 2.0 PCRs and for remote LUKS unlock (you don't need tty).
    • Fully encrypted: Except for ESPs, all partitions are #LUKS encrypted.
    • #RAID: Except for ESPs, #btrfs and #mdadm based #RAID are used for all partitions.
    • Rescue System: A customised #SystemRescue (system-rescue.org/) supports SSH logins and provides a convenient chroot.sh script.
    • Hardened #Gentoo #Linux for a highly secure, high stability production environment.
    • If enough time is left at the end, #SELinux which provides Mandatory Access Control using type enforcement and role-based access control
  5. @Gentoo_eV Given that I get a KVM console in time, I will demonstrate my installation guide (gentoo.duxsco.de/) in English using a #Hetzner dedicated server.

    • What? Beyond Secure Boot – Measured Boot on Gentoo Linux?
    • When? Saturday, 2024-10-19 at 18:00 UTC (20:00 CEST)
    • Where? Video call via BigBlueButton: bbb.gentoo-ev.org/

    The final setup will feature:

    • #SecureBoot: All EFI binaries and unified kernel images are signed.
    • #MeasuredBoot: #clevis and #tang will be used to check the system for manipulations via #TPM 2.0 PCRs and for remote LUKS unlock (you don't need tty).
    • Fully encrypted: Except for ESPs, all partitions are #LUKS encrypted.
    • #RAID: Except for ESPs, #btrfs and #mdadm based #RAID are used for all partitions.
    • Rescue System: A customised #SystemRescue (system-rescue.org/) supports SSH logins and provides a convenient chroot.sh script.
    • Hardened #Gentoo #Linux for a highly secure, high stability production environment.
    • If enough time is left at the end, #SELinux which provides Mandatory Access Control using type enforcement and role-based access control