diff options
-rw-r--r-- | index.mdwn | 53 |
1 files changed, 30 insertions, 23 deletions
@@ -1,9 +1,9 @@ -[[!meta title="Bootless: anti-tampering bootloader"]] +[[!meta title="Bootless: evil-maid mitigator"]] -* Bootless is a scheme allowing a computer with encrypted disk to stay without attached bootloader in order to make more difficult to tamper the initialization process. -* Bootless is a bootloader installed in a removable media and used to initialize computers. -* It is based on [git-annex](http://git-annex.branchable.com/) and [GNU Grub](https://www.gnu.org/software/grub/). -* Initial support is targeted to Debian like operating systems. +- Bootless is a scheme allowing a computer with encrypted disk to stay without attached bootloader in order to make more difficult to tamper the initialization process. +- Bootless is a bootloader installed in a removable media and used to initialize computers. +- It is based on [git-annex](http://git-annex.branchable.com/) and [GNU Grub](https://www.gnu.org/software/grub/). +- Initial support is targeted to Debian like operating systems. Index ----- @@ -70,9 +70,7 @@ Write image to thumb drive TODO ---- -- Test: - - [Full disk encryption with LUKS (including /boot) · Pavel Kogan](http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/). - - [Full-Crypto setup with GRUB2](http://michael-prokop.at/blog/2014/02/28/full-crypto-setup-with-grub2/) ([2](http://archimedesden.wordpress.com/2011/10/21/yet-another-full-disk-encryption-with-ubuntu-11-10/)), which could simplify everything! +- Full Disk Encryption support. - Document `cryptopts` ([1](http://www.c3l.de/linux/howto-completly-encrypted-harddisk-including-suspend-to-encrypted-disk-with-ubuntu-6.10-edgy-eft.html), [2](http://manpages.ubuntu.com/manpages/lucid/man8/initramfs-tools.8.html), [3](http://solvedlinuxissues.blogspot.com.br/2011/11/encrypted-ubuntu-filesystem-on-logical.html), [4](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147), [5](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358452)), see `/usr/share/doc/cryptsetup/README.initramfs.gz` for details. - Split bootless script from hydra suite but preserve integration. - Add pre-built and signed images. @@ -88,30 +86,39 @@ References Grub: - * [Bootable grub USB stick (EFI and BIOS for Intel)](http://debian-administration.org/users/dkg/weblog/112). - * [Grub2](https://help.ubuntu.com/community/Grub2) (Ubuntu Help). - * [GRUB2 Manual](http://grub.enbug.org/Manual) (Wiki). - * [Using GRUB to Set Up the Boot Process](http://www.linuxfromscratch.org/lfs/view/development/chapter08/grub.html). - * [GNU Grub Manual](http://www.gnu.org/software/grub/manual/grub.html). +- [Bootable grub USB stick (EFI and BIOS for Intel)](http://debian-administration.org/users/dkg/weblog/112). +- [Grub2](https://help.ubuntu.com/community/Grub2) (Ubuntu Help). +- [GRUB2 Manual](http://grub.enbug.org/Manual) (Wiki). +- [Using GRUB to Set Up the Boot Process](http://www.linuxfromscratch.org/lfs/view/development/chapter08/grub.html). +- [GNU Grub Manual](http://www.gnu.org/software/grub/manual/grub.html). Boot: - * [Auto-booting and Securing a Linux Server with an Encrypted Filesystem](http://serverfault.com/questions/34794/auto-booting-and-securing-a-linux-server-with-an-encrypted-filesystem). - * [Smartmonster](https://github.com/ioerror/smartmonster) / [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot). - * [#348147 - Allow subscripts to alter ROOT (was: Add support for cryptoroot) - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147) ([crypt_root and real_root on gentoo](http://wiki.gentoo.org/wiki/Genkernel)). +- [Auto-booting and Securing a Linux Server with an Encrypted Filesystem](http://serverfault.com/questions/34794/auto-booting-and-securing-a-linux-server-with-an-encrypted-filesystem). +- [Smartmonster](https://github.com/ioerror/smartmonster) / [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot). +- [#348147 - Allow subscripts to alter ROOT (was: Add support for cryptoroot) - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147) ([crypt_root and real_root on gentoo](http://wiki.gentoo.org/wiki/Genkernel)). Images: - * [How can I mount a disk image?](http://superuser.com/questions/344899/how-can-i-mount-a-disk-image). - * [GRUB 2 - OSDev](http://wiki.osdev.org/GRUB_2): instalando o grub em várias mídias distintas. - * [Disk mounting](http://www.noah.org/wiki/Disk_mounting). - * [Loop-mounting partitions from a disk image](http://madduck.net/blog/2006.10.20:loop-mounting-partitions-from-a-disk-image/). +- [How can I mount a disk image?](http://superuser.com/questions/344899/how-can-i-mount-a-disk-image). +- [GRUB 2 - OSDev](http://wiki.osdev.org/GRUB_2): instalando o grub em várias mídias distintas. +- [Disk mounting](http://www.noah.org/wiki/Disk_mounting). +- [Loop-mounting partitions from a disk image](http://madduck.net/blog/2006.10.20:loop-mounting-partitions-from-a-disk-image/). UEFI: - * [gummiboot](http://freedesktop.org/wiki/Software/gummiboot/). - * [booting a self-signed Linux kernel | The Linux Foundation](http://www.linuxfoundation.org/news-media/blogs/browse/2013/09/booting-self-signed-linux-kernel). +- [gummiboot](http://freedesktop.org/wiki/Software/gummiboot/). +- [booting a self-signed Linux kernel | The Linux Foundation](http://www.linuxfoundation.org/news-media/blogs/browse/2013/09/booting-self-signed-linux-kernel). Security: - * [implementing the evil maid attack on linux with Luks - Pollux's blog](https://www.wzdftpd.net/blog/index.php?post/2009/10/28/44-implementing-the-evil-maid-attack-on-linux-with-luks). +- [implementing the evil maid attack on linux with Luks - Pollux's blog](https://www.wzdftpd.net/blog/index.php?post/2009/10/28/44-implementing-the-evil-maid-attack-on-linux-with-luks). + +Full Disk Encryption: + +- [Grub Crypt · Grub with crypto enhancments](http://grub.johnlane.ie/). +- [Yet Another Full Disk Encryption with Ubuntu 11.10 | On Science and Technology](https://archimedesden.wordpress.com/2011/10/21/yet-another-full-disk-encryption-with-ubuntu-11-10/). +- [MissingLink.xyz - Tutorial: GRUB2 Cryptomount](http://missinglink.xyz/grub2-bootloader/understanding-grub2-cryptomount/). +- [Ubuntu Full Disk Encryption (FDE) with encrypted /boot](http://missinglink.xyz/security/tutorial-debianubuntu-full-disk-encryption-luks-fde-including-encrypted-boot/) +- [Full disk encryption with LUKS (including /boot) · Pavel Kogan](http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/). +- [Full-Crypto setup with GRUB2](http://michael-prokop.at/blog/2014/02/28/full-crypto-setup-with-grub2/) |