Find a file

Harald Hoyer dfc067af2f README.md: update		2018-09-05 12:37:00 +02:00
quirks	quirks/nss_db.sh: fixed libc quirk	2018-09-05 12:30:55 +02:00
clonedisk.sh	initial commit	2018-09-05 11:49:57 +02:00
excludelist.txt	initial commit	2018-09-05 11:49:57 +02:00
logo.bmp	initial commit	2018-09-05 11:49:57 +02:00
mkimage.sh	initial commit	2018-09-05 11:49:57 +02:00
pkglist-min.txt	initial commit	2018-09-05 11:49:57 +02:00
pkglist-sssd.txt	initial commit	2018-09-05 11:49:57 +02:00
pkglist.txt	initial commit	2018-09-05 11:49:57 +02:00
pre-pivot.sh	initial commit	2018-09-05 11:49:57 +02:00
prepare-root.sh	initial commit	2018-09-05 11:49:57 +02:00
README.md	README.md: update	2018-09-05 12:37:00 +02:00

README.md

FedoraBook

WIP

Goals

secure boot to the login screen
ensured integrity to the login screen
encrypted volatile data
A/B boot switching for updates
Flatpak
basic desktop
optional: bind encrypted data partition to TPM2
optional: frequent reencryption of the data partition

Non-Goals

can't secure against someone writing anything to disk
can't secure against someone scraping secret keys from the kernel

TODO

merge mkimage.sh and clonedisk
update mechanism
signing tools

Create

$ sudo ./prepare-root.sh \
  --releasever 29 \
  --pkglist pkglist.txt \
  --excludelist excludelist.txt \
  --logo logo.bmp --name FEDORABOOK \
  --outdir <IMGDIR>

QEMU disk image

$ sudo ./mkimage.sh <IMGDIR> image.raw

USB stick

$ sudo ./mkimage.sh <IMGDIR> /dev/disk/by-path/pci-…-usb…

Install from USB stick

Enter BIOS
- turn on UEFI boot
- turn on TPM2
Enter BIOS boot menu
Select USB stick
Login (user: admin, pw: admin)
Start gnome-terminal
sudo
clonedisk <usb stick device> <harddisk device>
reboot
remove stick