VerityBook/README.md

# FedoraBook

WIP

## Goals
- secure boot to the login screen
- ensured integrity to the login screen
- encrypted volatile data
- A/B boot switching for updates
- Flatpak
- basic desktop
- optional: bind encrypted data partition to TPM2
- optional: frequent reencryption of the data partition

## Non-Goals
- can't secure against someone writing anything to disk
- can't secure against someone scraping secret keys from the kernel

## TODO
- merge mkimage.sh and clonedisk
- update mechanism
- signing tools

## Create

```bash
$ sudo ./prepare-root.sh \
  --releasever 29 \
  --pkglist pkglist.txt \
  --excludelist excludelist.txt \
  --logo logo.bmp --name FEDORABOOK \
  --outdir <IMGDIR>
```

## QEMU disk image
```bash
$ sudo ./mkimage.sh <IMGDIR> image.raw 
```

## USB stick
```bash
$ sudo ./mkimage.sh <IMGDIR> /dev/disk/by-path/pci-…-usb…
```

## Install from USB stick

- Enter BIOS
  - turn on UEFI boot
  - turn on TPM2
- Enter BIOS boot menu
- Select USB stick
- Login (user: admin, pw: admin)
- Start gnome-terminal
- sudo
- ```clonedisk <usb stick device> <harddisk device>```
- reboot
- remove stick
initial commit 2018-08-28 09:25:03 +02:00			`# FedoraBook`

			`WIP`

README.md: update 2018-09-05 12:37:00 +02:00			`## Goals`
			`- secure boot to the login screen`
			`- ensured integrity to the login screen`
			`- encrypted volatile data`
			`- A/B boot switching for updates`
			`- Flatpak`
			`- basic desktop`
			`- optional: bind encrypted data partition to TPM2`
			`- optional: frequent reencryption of the data partition`

			`## Non-Goals`
			`- can't secure against someone writing anything to disk`
			`- can't secure against someone scraping secret keys from the kernel`

			`## TODO`
			`- merge mkimage.sh and clonedisk`
			`- update mechanism`
			`- signing tools`

initial commit 2018-08-28 09:25:03 +02:00			`## Create`

			```bash
			`$ sudo ./prepare-root.sh \`
README.md: add --releasever 2018-09-05 12:30:39 +02:00			`--releasever 29 \`
initial commit 2018-08-28 09:25:03 +02:00			`--pkglist pkglist.txt \`
			`--excludelist excludelist.txt \`
			`--logo logo.bmp --name FEDORABOOK \`
			`--outdir <IMGDIR>`
			```

			`## QEMU disk image`
			```bash
README.md: update 2018-09-05 12:37:00 +02:00			`$ sudo ./mkimage.sh <IMGDIR> image.raw`
initial commit 2018-08-28 09:25:03 +02:00			```

			`## USB stick`
			```bash
README.md: update 2018-09-05 12:37:00 +02:00			`$ sudo ./mkimage.sh <IMGDIR> /dev/disk/by-path/pci-…-usb…`
initial commit 2018-08-28 09:25:03 +02:00			```

			`## Install from USB stick`

			`- Enter BIOS`
			`- turn on UEFI boot`
			`- turn on TPM2`
			`- Enter BIOS boot menu`
			`- Select USB stick`
			`- Login (user: admin, pw: admin)`
			`- Start gnome-terminal`
			`- sudo`
			- ```clonedisk <usb stick device> <harddisk device>```
			`- reboot`
			`- remove stick`