README.md: update
parent
46bf3defea
commit
dfc067af2f
23
README.md
|
@ -2,6 +2,25 @@
|
||||||
|
|
||||||
WIP
|
WIP
|
||||||
|
|
||||||
|
## Goals
|
||||||
|
- secure boot to the login screen
|
||||||
|
- ensured integrity to the login screen
|
||||||
|
- encrypted volatile data
|
||||||
|
- A/B boot switching for updates
|
||||||
|
- Flatpak
|
||||||
|
- basic desktop
|
||||||
|
- optional: bind encrypted data partition to TPM2
|
||||||
|
- optional: frequent reencryption of the data partition
|
||||||
|
|
||||||
|
## Non-Goals
|
||||||
|
- can't secure against someone writing anything to disk
|
||||||
|
- can't secure against someone scraping secret keys from the kernel
|
||||||
|
|
||||||
|
## TODO
|
||||||
|
- merge mkimage.sh and clonedisk
|
||||||
|
- update mechanism
|
||||||
|
- signing tools
|
||||||
|
|
||||||
## Create
|
## Create
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
|
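Review bot: In the new Non-Goals list, "can't secure against someone writing anything to disk" reads as contradicting the Goals entries "secure boot to the login screen" and "ensured integrity to the login screen", since an integrity guarantee is normally about detecting modified on-disk content. Suggest rewording the non-goal to say exactly what is out of scope (for example, that writes are not prevented, and whether they are expected to be detected before the login screen), and adding one line on how the two "to the login screen" goals differ. The TODO entry "signing tools" also means the secure boot goal cannot yet be reproduced from this README, which is worth stating next to the goal. For "optional: bind encrypted data partition to TPM2", a short note on what state the binding depends on would let readers judge what it protects.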
@ -15,12 +34,12 @@ $ sudo ./prepare-root.sh \
|
||||||
|
|
||||||
## QEMU disk image
|
## QEMU disk image
|
||||||
```bash
|
```bash
|
||||||
$ sudo ./mkimage.sh <IMGDIR> image.raw
|
$ sudo ./mkimage.sh <IMGDIR> image.raw
|
||||||
```
|
```
|
||||||
|
|
||||||
## USB stick
|
## USB stick
|
||||||
```bash
|
```bash
|
||||||
$ sudo ./mkimage.sh <IMGDIR> /dev/disk/by-path/pci-…-usb…
|
$ sudo ./mkimage.sh <IMGDIR> /dev/disk/by-path/pci-…-usb…
|
||||||
```
|
```
|
||||||
|
|
||||||
## Install from USB stick
|
## Install from USB stick
|
||||||
|
|
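Review bot: The "USB stick" block runs `sudo ./mkimage.sh <IMGDIR> /dev/disk/by-path/pci-…-usb…` as root against a raw block device, and the README gives no note on what happens to existing data on the target or how to confirm the by-path link resolves to the intended stick. Suggest adding one sentence before the command telling the reader to verify the target device first. The trailing "## Install from USB stick" heading has no body in the visible context, so either add the steps or list it under TODO. As rendered, the old and new sides of this hunk read identically, so if the change is whitespace-only the commit message could say so instead of "update".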