mastouille.fr is one of the many independent Mastodon servers you can use to take part in the fediverse.
Mastouille is a sustainable, open Mastodon instance hosted in France.

#clevis

David Sardari<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@Gentoo_eV" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Gentoo_eV</span></a></span> Given that I get a KVM console in time, I will demonstrate my installation guide (<a href="https://gentoo.duxsco.de/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gentoo.duxsco.de/</span><span class="invisible"></span></a>) in English using a <a href="https://fedifreu.de/tags/Hetzner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hetzner</span></a> dedicated server.</p><ul><li><strong>What?</strong> <em>Beyond Secure Boot – Measured Boot on Gentoo Linux?</em></li><li><strong>When?</strong> Saturday, 2024-10-19 at 18:00 UTC (20:00 CEST)</li><li><strong>Where?</strong> Video call via BigBlueButton: <a href="https://bbb.gentoo-ev.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bbb.gentoo-ev.org/</span><span class="invisible"></span></a></li></ul><p>The final setup will feature:</p><ul><li><a href="https://fedifreu.de/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>: All EFI binaries and unified kernel images are signed.</li><li><a href="https://fedifreu.de/tags/MeasuredBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MeasuredBoot</span></a>: <a href="https://fedifreu.de/tags/clevis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>clevis</span></a> and <a href="https://fedifreu.de/tags/tang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tang</span></a> will be used to check the system for manipulations via <a href="https://fedifreu.de/tags/TPM" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>TPM</span></a> 2.0 PCRs and for remote LUKS unlock (you don't need tty).</li><li>Fully encrypted: Except for ESPs, all partitions are <a href="https://fedifreu.de/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a> encrypted.</li><li><a href="https://fedifreu.de/tags/RAID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAID</span></a>: Except for ESPs, <a href="https://fedifreu.de/tags/btrfs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>btrfs</span></a> and <a href="https://fedifreu.de/tags/mdadm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mdadm</span></a> based <a href="https://fedifreu.de/tags/RAID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAID</span></a> are used for all partitions.</li><li>Rescue System: A customised <a href="https://fedifreu.de/tags/SystemRescue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SystemRescue</span></a> (<a href="https://www.system-rescue.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">system-rescue.org/</span><span class="invisible"></span></a>) supports SSH logins and provides a convenient chroot.sh script.</li><li>Hardened <a href="https://fedifreu.de/tags/Gentoo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gentoo</span></a> <a href="https://fedifreu.de/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> for a highly secure, high stability production environment.</li><li>If enough time is left at the end, <a href="https://fedifreu.de/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> which provides Mandatory Access Control 
using type enforcement and role-based access control</li></ul>
Edd<p>After a request on the <a href="https://mastodon.eddmil.es/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> community on Lemmy, I wrote up how I use LUKS, Clevis, and Tang to give me network-bound encryption. This means that I can restart my servers as long as they're on my home network without worrying about having to log in to decrypt the drive, but if someone breaks in and steals my servers and turns them on anywhere else, the data on them is safe. <a href="https://i.am.eddmil.es/clevistang/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">i.am.eddmil.es/clevistang/</span><span class="invisible"></span></a></p><p><a href="https://mastodon.eddmil.es/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> <a href="https://mastodon.eddmil.es/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://mastodon.eddmil.es/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a> <a href="https://mastodon.eddmil.es/tags/clevis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>clevis</span></a> <a href="https://mastodon.eddmil.es/tags/tang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tang</span></a></p>
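The network-bound unlock both posts rely on rests on the McCallum-Relyea exchange between Clevis and Tang: the LUKS header stores only a public value, and the unlocking key can be rebuilt only with help from the Tang server's private key. The block below is an added illustration, not code from either post or from the Clevis/Tang projects; it runs the exchange over a constructed toy group in place of Tang's P-521 curve, and the names TangServer, bind, unlock and demo are assumptions of this example.

```python
import secrets

# Constructed toy parameters (NOT secure): a multiplicative group mod the
# Mersenne prime 2^127 - 1 with generator 3 stands in for Tang's P-521 curve.
P = 2**127 - 1
G = 3

def rand_exp():
    return 1 + secrets.randbelow(P - 2)

class TangServer:
    """Tang side: holds the long-term secret s and answers recovery requests.
    It never sees the key K that wraps the LUKS passphrase."""
    def __init__(self):
        self._s = rand_exp()              # private, never leaves the server
        self.adv = pow(G, self._s, P)     # S = sG, published in the advertisement

    def recover(self, x):
        return pow(x, self._s, P)         # Y = sX

def bind(server_pub):
    """Clevis provisioning (clevis luks bind): derive K from the server's
    public key and a fresh secret c, keep only C = cG; c and K are discarded."""
    c = rand_exp()
    K = pow(server_pub, c, P)             # K = cS, wraps the LUKS passphrase
    C = pow(G, c, P)                      # stored in the LUKS token header
    return K, C

def unlock(server, C, server_pub):
    """Clevis recovery at boot: blind C with an ephemeral e so the server only
    sees X = C + eG, then remove the blinding from its reply."""
    e = rand_exp()
    X = (C * pow(G, e, P)) % P
    Y = server.recover(X)                 # Y = sC + seG = cS + eS
    eS_inv = pow(pow(server_pub, e, P), -1, P)
    return (Y * eS_inv) % P               # Y - eS = cS = K

def demo():
    tang = TangServer()
    K, C = bind(tang.adv)
    at_home = unlock(tang, C, tang.adv)              # reachable Tang: K recovered
    elsewhere = unlock(TangServer(), C, tang.adv)    # different Tang, same C
    return K == at_home, K == elsewhere
```

The second result in demo() shows the property Edd's post describes: the stored C is useless without the original Tang's secret, so a machine booted away from its network cannot rebuild K.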