aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--index.mdwn53
1 files changed, 30 insertions, 23 deletions
diff --git a/index.mdwn b/index.mdwn
index ea77af5..576fb6a 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -1,9 +1,9 @@
-[[!meta title="Bootless: anti-tampering bootloader"]]
+[[!meta title="Bootless: evil-maid mitigator"]]
-* Bootless is a scheme allowing a computer with encrypted disk to stay without attached bootloader in order to make more difficult to tamper the initialization process.
-* Bootless is a bootloader installed in a removable media and used to initialize computers.
-* It is based on [git-annex](http://git-annex.branchable.com/) and [GNU Grub](https://www.gnu.org/software/grub/).
-* Initial support is targeted to Debian like operating systems.
+- Bootless is a scheme allowing a computer with encrypted disk to stay without attached bootloader in order to make more difficult to tamper the initialization process.
+- Bootless is a bootloader installed in a removable media and used to initialize computers.
+- It is based on [git-annex](http://git-annex.branchable.com/) and [GNU Grub](https://www.gnu.org/software/grub/).
+- Initial support is targeted to Debian like operating systems.
Index
-----
@@ -70,9 +70,7 @@ Write image to thumb drive
TODO
----
-- Test:
- - [Full disk encryption with LUKS (including /boot) · Pavel Kogan](http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/).
- - [Full-Crypto setup with GRUB2](http://michael-prokop.at/blog/2014/02/28/full-crypto-setup-with-grub2/) ([2](http://archimedesden.wordpress.com/2011/10/21/yet-another-full-disk-encryption-with-ubuntu-11-10/)), which could simplify everything!
+- Full Disk Encryption support.
- Document `cryptopts` ([1](http://www.c3l.de/linux/howto-completly-encrypted-harddisk-including-suspend-to-encrypted-disk-with-ubuntu-6.10-edgy-eft.html), [2](http://manpages.ubuntu.com/manpages/lucid/man8/initramfs-tools.8.html), [3](http://solvedlinuxissues.blogspot.com.br/2011/11/encrypted-ubuntu-filesystem-on-logical.html), [4](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147), [5](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358452)), see `/usr/share/doc/cryptsetup/README.initramfs.gz` for details.
- Split bootless script from hydra suite but preserve integration.
- Add pre-built and signed images.
@@ -88,30 +86,39 @@ References
Grub:
- * [Bootable grub USB stick (EFI and BIOS for Intel)](http://debian-administration.org/users/dkg/weblog/112).
- * [Grub2](https://help.ubuntu.com/community/Grub2) (Ubuntu Help).
- * [GRUB2 Manual](http://grub.enbug.org/Manual) (Wiki).
- * [Using GRUB to Set Up the Boot Process](http://www.linuxfromscratch.org/lfs/view/development/chapter08/grub.html).
- * [GNU Grub Manual](http://www.gnu.org/software/grub/manual/grub.html).
+- [Bootable grub USB stick (EFI and BIOS for Intel)](http://debian-administration.org/users/dkg/weblog/112).
+- [Grub2](https://help.ubuntu.com/community/Grub2) (Ubuntu Help).
+- [GRUB2 Manual](http://grub.enbug.org/Manual) (Wiki).
+- [Using GRUB to Set Up the Boot Process](http://www.linuxfromscratch.org/lfs/view/development/chapter08/grub.html).
+- [GNU Grub Manual](http://www.gnu.org/software/grub/manual/grub.html).
Boot:
- * [Auto-booting and Securing a Linux Server with an Encrypted Filesystem](http://serverfault.com/questions/34794/auto-booting-and-securing-a-linux-server-with-an-encrypted-filesystem).
- * [Smartmonster](https://github.com/ioerror/smartmonster) / [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot).
- * [#348147 - Allow subscripts to alter ROOT (was: Add support for cryptoroot) - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147) ([crypt_root and real_root on gentoo](http://wiki.gentoo.org/wiki/Genkernel)).
+- [Auto-booting and Securing a Linux Server with an Encrypted Filesystem](http://serverfault.com/questions/34794/auto-booting-and-securing-a-linux-server-with-an-encrypted-filesystem).
+- [Smartmonster](https://github.com/ioerror/smartmonster) / [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot).
+- [#348147 - Allow subscripts to alter ROOT (was: Add support for cryptoroot) - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147) ([crypt_root and real_root on gentoo](http://wiki.gentoo.org/wiki/Genkernel)).
Images:
- * [How can I mount a disk image?](http://superuser.com/questions/344899/how-can-i-mount-a-disk-image).
- * [GRUB 2 - OSDev](http://wiki.osdev.org/GRUB_2): instalando o grub em várias mídias distintas.
- * [Disk mounting](http://www.noah.org/wiki/Disk_mounting).
- * [Loop-mounting partitions from a disk image](http://madduck.net/blog/2006.10.20:loop-mounting-partitions-from-a-disk-image/).
+- [How can I mount a disk image?](http://superuser.com/questions/344899/how-can-i-mount-a-disk-image).
+- [GRUB 2 - OSDev](http://wiki.osdev.org/GRUB_2): instalando o grub em várias mídias distintas.
+- [Disk mounting](http://www.noah.org/wiki/Disk_mounting).
+- [Loop-mounting partitions from a disk image](http://madduck.net/blog/2006.10.20:loop-mounting-partitions-from-a-disk-image/).
UEFI:
- * [gummiboot](http://freedesktop.org/wiki/Software/gummiboot/).
- * [booting a self-signed Linux kernel | The Linux Foundation](http://www.linuxfoundation.org/news-media/blogs/browse/2013/09/booting-self-signed-linux-kernel).
+- [gummiboot](http://freedesktop.org/wiki/Software/gummiboot/).
+- [booting a self-signed Linux kernel | The Linux Foundation](http://www.linuxfoundation.org/news-media/blogs/browse/2013/09/booting-self-signed-linux-kernel).
Security:
- * [implementing the evil maid attack on linux with Luks - Pollux's blog](https://www.wzdftpd.net/blog/index.php?post/2009/10/28/44-implementing-the-evil-maid-attack-on-linux-with-luks).
+- [implementing the evil maid attack on linux with Luks - Pollux's blog](https://www.wzdftpd.net/blog/index.php?post/2009/10/28/44-implementing-the-evil-maid-attack-on-linux-with-luks).
+
+Full Disk Encryption:
+
+- [Grub Crypt · Grub with crypto enhancments](http://grub.johnlane.ie/).
+- [Yet Another Full Disk Encryption with Ubuntu 11.10 | On Science and Technology](https://archimedesden.wordpress.com/2011/10/21/yet-another-full-disk-encryption-with-ubuntu-11-10/).
+- [MissingLink.xyz - Tutorial: GRUB2 Cryptomount](http://missinglink.xyz/grub2-bootloader/understanding-grub2-cryptomount/).
+- [Ubuntu Full Disk Encryption (FDE) with encrypted /boot](http://missinglink.xyz/security/tutorial-debianubuntu-full-disk-encryption-luks-fde-including-encrypted-boot/)
+- [Full disk encryption with LUKS (including /boot) · Pavel Kogan](http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/).
+- [Full-Crypto setup with GRUB2](http://michael-prokop.at/blog/2014/02/28/full-crypto-setup-with-grub2/)