[[!meta title="Bootless: anti-tampering bootloader"]] **WARNING** - this pre-alpha software with [portuguese-only docs](index.pt)! * Bootless is a scheme allowing a computer with encrypted disk to stay without attached bootloader in order to make more difficult to tamper the initialization process. * Bootless is a bootloader installed in a removable media and used to initialize computers. * It is based on [git-annex](http://git-annex.branchable.com/) and [GNU Grub](https://www.gnu.org/software/grub/). * Initial support is targeted to Debian like operating systems. * Bootless currently used in the [Hydra Suite](https://git.sarava.org/?p=hydra.git;a=summary). Index ----- [[!toc levels=4]] TODO ---- - Cleanup and translate docs. - Document `cryptopts` ([1](http://www.c3l.de/linux/howto-completly-encrypted-harddisk-including-suspend-to-encrypted-disk-with-ubuntu-6.10-edgy-eft.html), [2](http://manpages.ubuntu.com/manpages/lucid/man8/initramfs-tools.8.html), [3](http://solvedlinuxissues.blogspot.com.br/2011/11/encrypted-ubuntu-filesystem-on-logical.html), [4](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147), [5](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358452)). - Setup issue tracker. - Add contact information. - Split bootless script from hydra suite but preserve integration. - Add pre-built and signed images. References ---------- Git: * http://kerneltrap.org/mailarchive/git/2007/10/7/331471 * http://stackoverflow.com/questions/37219/how-do-you-remove-a-specific-revision-in-the-git-history * http://www.alexrothenberg.com/2009/06/changing-history-with-git-rebase-how-to.html * http://stackoverflow.com/questions/250238/collapsing-a-git-repositorys-history Grub: * [Grub2](https://help.ubuntu.com/community/Grub2) (Ubuntu Help). * [GRUB2 Manual](http://grub.enbug.org/Manual) (Wiki). * [Using GRUB to Set Up the Boot Process](http://www.linuxfromscratch.org/lfs/view/development/chapter08/grub.html). * [GNU Grub Manual](http://www.gnu.org/software/grub/manual/grub.html). Boot: * [Auto-booting and Securing a Linux Server with an Encrypted Filesystem](http://serverfault.com/questions/34794/auto-booting-and-securing-a-linux-server-with-an-encrypted-filesystem). * [Smartmonster](https://github.com/ioerror/smartmonster) / [chkboot](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#chkboot). * [#348147 - Allow subscripts to alter ROOT (was: Add support for cryptoroot) - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348147) ([crypt_root and real_root on gentoo](http://wiki.gentoo.org/wiki/Genkernel)). Images: * [How can I mount a disk image?](http://superuser.com/questions/344899/how-can-i-mount-a-disk-image). * [GRUB 2 - OSDev](http://wiki.osdev.org/GRUB_2): instalando o grub em várias mídias distintas. * [Disk mounting](http://www.noah.org/wiki/Disk_mounting). * [Loop-mounting partitions from a disk image](http://madduck.net/blog/2006.10.20:loop-mounting-partitions-from-a-disk-image/). UEFI: * [gummiboot](http://freedesktop.org/wiki/Software/gummiboot/). * [booting a self-signed Linux kernel | The Linux Foundation](http://www.linuxfoundation.org/news-media/blogs/browse/2013/09/booting-self-signed-linux-kernel). Security: * [implementing the evil maid attack on linux with Luks - Pollux's blog](https://www.wzdftpd.net/blog/index.php?post/2009/10/28/44-implementing-the-evil-maid-attack-on-linux-with-luks).