Skip to content
GitLab
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in
  • A archiso
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Graph
    • Compare
    • Locked Files
  • Issues 42
    • Issues 42
    • List
    • Boards
    • Service Desk
    • Milestones
    • Iterations
  • Merge requests 13
    • Merge requests 13
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • Arch LinuxArch Linux
  • archiso
  • Merge requests
  • !279

Add physical attackers mitigations

  • Review changes

  • Download
  • Email patches
  • Plain diff
Closed Tallero Tallero requested to merge tallero/archiso:crypto-safeboot into master Aug 12, 2022
  • Overview 67
  • Commits 352
  • Pipelines 56
  • Changes 24

It adds support for a dongle buildmode so that install drives put on writable storage devices become equivalent to those put on write-once storage devices.

The dongle does not require the base ISO image to be encrypted to serve its purpose.

Despite this, this branch is based on !217 (closed) and include !268 (closed), so that it will be easier to move the kernel and the initramfs partition on an encrypted partition at a later stage (GRUB supports booting from a LUKS partition).

Solves #189 (closed).

Includes

  • !217 (closed)
  • !268 (closed)

Notes

It also needs mkinitcpio/mkinitcpio-archiso!27 to be merged into mkinitcpio-archiso and cryptsetup-sigfile (AUR) merged into cryptsetup.

Changes

Follow upstream branch.

Edited Sep 02, 2022 by Tallero Tallero
Assignee
Assign to
Reviewers
Request review from
Time tracking
Source branch: crypto-safeboot