From 6252c998504698c4e67d1e9a26c74cb92f8769a6 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 5 Sep 2018 12:55:22 +0200 Subject: [PATCH] update README.md --- README.md | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 70fa4ec..043859c 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,20 @@ # FedoraBook -WIP +Let's put all the fancy features together, we developed in the last years: +- Combined kernel+initramfs EFI binaries +- Secure Boot +- clevis with TPM2 +- LUKS2 +- dm-verity + squashfs root +- Flatpak +- flickerless boot +and build a Chromebook like Fedorabook, where you can install all software via Flatpak. + +This is WIP. Please test and report issues or comments on https://pagure.io/Fedorabook/issues ## Goals - secure boot to the login screen +- immutable /usr and maybe /etc - ensured integrity to the login screen - encrypted volatile data - A/B boot switching for updates @@ -18,8 +29,19 @@ WIP ## TODO - merge mkimage.sh and clonedisk +- change partition UUIDs for /data + - UUID for TPM LUKS + - UUID for LUKS + - UUID for unencrypted xfs - update mechanism +- add proper EFI boot manager entries for A and B +- extend efi stub for recovery boot in the old image - signing tools +- firmware update +- selinux? + +## Known Failures +- gnome-software: can't update firmware repo ## Create @@ -45,8 +67,8 @@ $ sudo ./mkimage.sh /dev/disk/by-path/pci-…-usb… ## Install from USB stick - Enter BIOS - - turn on UEFI boot - - turn on TPM2 + - turn on UEFI boot + - turn on TPM2 - Enter BIOS boot menu - Select USB stick - Login (user: admin, pw: admin) @@ -55,3 +77,11 @@ $ sudo ./mkimage.sh /dev/disk/by-path/pci-…-usb… - ```clonedisk ``` - reboot - remove stick + +## Post Boot + +### Persistent journal +```bash +$ sudo mkdir /var/log/journal +``` +