Diffstat (limited to 'index.mdwn')
-rw-r--r-- index.mdwn 78
1 files changed, 47 insertions, 31 deletions
diff --git a/index.mdwn b/index.mdwn
index e768aae..af79d7b 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -1,44 +1,51 @@
[[!meta title="Bootless: anti-tampering bootloader"]]
-**WARNING** - this pre-alpha software with [portuguese-only docs](index.pt)!
-
* Bootless is a scheme allowing a computer with encrypted disk to stay without attached bootloader in order to make more difficult to tamper the initialization process.
* Bootless is a bootloader installed in a removable media and used to initialize computers.
* It is based on [git-annex](http://git-annex.branchable.com/) and [GNU Grub](https://www.gnu.org/software/grub/).
* Initial support is targeted to Debian like operating systems.
-* Bootless currently used in the [Hydra Suite](https://git.sarava.org/?p=hydra.git;a=summary).
Index
-----
[[!toc levels=4]]
-TODO
-----
-
-- Test:
- - [Full disk encryption with LUKS (including /boot) · Pavel Kogan](http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/).
- - [Full-Crypto setup with GRUB2](http://michael-prokop.at/blog/2014/02/28/full-crypto-setup-with-grub2/) ([2](http://archimedesden.wordpress.com/2011/10/21/yet-another-full-disk-encryption-with-ubuntu-11-10/)), which could simplify everything!
-- Cleanup and translate docs.
-- Document `cryptopts` ([1](http://www.c3l.de/linux/howto-completly-encrypted-harddisk-including-suspend-to-encrypted-disk-with-ubuntu-6.10-edgy-eft.html), [2](http://manpages.ubuntu.com/manpages/lucid/man8/initramfs-tools.8.html), [3](http://solvedlinuxissues.blogspot.com.br/2011/11/encrypted-ubuntu-filesystem-on-logical.html), [4](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147), [5](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358452)), see `/usr/share/doc/cryptsetup/README.initramfs.gz` for details.
-- Setup issue tracker.
-- Add contact information.
-- Split bootless script from hydra suite but preserve integration.
-- Add pre-built and signed images.
-- Integrate with [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html).
-
Design
------
-We consider that a person has at least a single USB thumb drive which will be used to boot multiple operating systems in multiple machines for multiple different projects/farms (personal, work, hackerspace, etc). Then, the bootless ecosystem will be composed of several repositories glued together:
+We consider that the user has at least a single USB thumb drive which will be used to boot multiple operating systems in multiple machines for multiple different projects/farms (personal, work, hackerspace, etc). Then, the bootless ecosystem will be composed of several repositories glued together:
+
+1. The bootless software repository (if you did not installed it using a package).
+2. Main repository, used to glue together the repositories that follows.
+3. Bootloader repository (eg. GRUB modules). Does this need to be manager by git or can be generated using grub?
+4. Image repositories (can be multiple repositories).
+
+Current workflow
+----------------
+
+Based on the [Hydra Suite](https://git.fluxo.info/?p=hydra.git).
+
+Creating the repository:
+
+ hydra example bootless init ssh://gitosis@example.org/bootless.git
+ hydra example bootless make /dev/sdb1
+ hydra example bootless git pull
+ hydra example bootless git commit -a
+
+Creating an image:
+
+ hydra example bootless image
- 1. The bootless software repository (if you did not installed it using a package).
- 2. Main repository, used to glue together the repositories that follows.
- 3. Bootloader repository (eg. GRUB modules). Does this need to be manager by git or can be generated using grub?
- 4. Image repositories (can be multiple repositories).
+Create image file and record:
-Workflow
---------
+ hydra example bootless image output.img /dev/sdb
+
+Record directly:
+
+ hydra example bootless image /dev/sdb
+
+Proposed workflow
+-----------------
Initialize:
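Review bot: the commands added under "Current workflow" name real block devices (`hydra example bootless make /dev/sdb1`, `hydra example bootless image /dev/sdb`) without saying that these are placeholders or that recording an image replaces whatever is on the target. Add a sentence before the first command telling the reader to confirm which device is the thumb drive (for instance with `lsblk`) and say what the `example` argument stands for, since nothing in the section explains it. The headings "Create image file and record" and "Record directly" would also read more clearly if they named which argument is the output file and which is the device. While the numbered list is being re-indented, fix "if you did not installed it" and "manager by git", which are carried over unchanged from the removed lines.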
@@ -60,15 +67,24 @@ Write image to thumb drive
boootless image <device>
-References
-----------
+TODO
+----
+
+- Test:
+ - [Full disk encryption with LUKS (including /boot) · Pavel Kogan](http://www.pavelkogan.com/2014/05/23/luks-full-disk-encryption/).
+ - [Full-Crypto setup with GRUB2](http://michael-prokop.at/blog/2014/02/28/full-crypto-setup-with-grub2/) ([2](http://archimedesden.wordpress.com/2011/10/21/yet-another-full-disk-encryption-with-ubuntu-11-10/)), which could simplify everything!
+- Document `cryptopts` ([1](http://www.c3l.de/linux/howto-completly-encrypted-harddisk-including-suspend-to-encrypted-disk-with-ubuntu-6.10-edgy-eft.html), [2](http://manpages.ubuntu.com/manpages/lucid/man8/initramfs-tools.8.html), [3](http://solvedlinuxissues.blogspot.com.br/2011/11/encrypted-ubuntu-filesystem-on-logical.html), [4](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147), [5](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358452)), see `/usr/share/doc/cryptsetup/README.initramfs.gz` for details.
+- Split bootless script from hydra suite but preserve integration.
+- Add pre-built and signed images.
+- Integrate with [anti-evil-maid](http://theinvisiblethings.blogspot.com.br/2011/09/anti-evil-maid.html).
+
+Contact
+-------
-Git:
+Write to rhatto at riseup.net.
- * http://kerneltrap.org/mailarchive/git/2007/10/7/331471
- * http://stackoverflow.com/questions/37219/how-do-you-remove-a-specific-revision-in-the-git-history
- * http://www.alexrothenberg.com/2009/06/changing-history-with-git-rebase-how-to.html
- * http://stackoverflow.com/questions/250238/collapsing-a-git-repositorys-history
+References
+----------
Grub:
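Review bot: the TODO list re-added in this hunk no longer has "Cleanup and translate docs" or "Setup issue tracker", and the same commit removes the pre-alpha and Portuguese-only docs warning from the top of the page; if those two items are not finished, keep them in the list so the page does not overstate its state. "Add contact information" is covered by the new Contact section, but that section gives only a mail address: with "Add pre-built and signed images" still open, consider listing an OpenPGP key fingerprint next to the address so that reports and, later, image signatures can be checked against it. The context line `boootless image <device>` at the top of the hunk has a third "o" and is worth fixing in the same pass.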