Authenticated Boot and Disk Encryption

Authenticated Boot and Disk Encryption

[Reza Housseini]

[-- Attachment #1: Type: text/plain, Size: 430 bytes --]

Hello Guix!

I came across this blog post
<https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html>
and was wondering what is the state of authenticated boot and encryption in
Guix System?
I have this vision where you define such things in your system guile script
and everything gets configured appropriately, or at least the default setup
is as secure as possible.

Thanks for any insights.

Cheers, Reza

[-- Attachment #2: Type: text/html, Size: 561 bytes --]

Re: Authenticated Boot and Disk Encryption

[Ludovic Courtès]

Hi Reza,

Reza Housseini <reza.housseini@gmail.com> skribis:

> I came across this blog post
> <https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html>
> and was wondering what is the state of authenticated boot and encryption in
> Guix System?

Nothing’s been done wrt. to “authenticated boot” AFAIK (I have
reservations about the concept).

Full disk encryption works but it’s done like in other distros, as
described in the article.  One big failure IMO is the fact that
nothing’s done upon suspend (when closing the laptop lid).  I believe
systemd-homed addresses that properly.

There’s a lot in this article, I’d suggest identifying specific bits to
see whether/how we can implement them in Guix!

Thanks,
Ludo’.