Hello Raghav,

Raghav Gururajan writes:

[...]

> It works. Was curious about other alternatives. Btw, is it possible to make guix
> automatically GPG-sign the "grub.cfg" it generates during "guix system init" or
> "guix system reconfigure"?

I cannot (still) help patching guix this way, but from a security POV this is interesting, providing you explain what you are trying to achieve :-)

Anyway:

1. to sign, guix should have a secret key and that key may be easily stolen (modulo encryption, but that's another story...)

2. to verify a list of system admins' signatures guix just needs public keys, and that's easy to provide; the not so easy part is patching guix, I guess

3. signature of "grub.cfg" - or other store items - should be done on *another* machine and the items deployed to the host (there is some POC and custom code around in guix-devel for this)

Could GPG signature *verification* of selected core parts (bootloader, initrd, kernel... guix itself) of our reproducible system make us confident that intrusions via physical access to hardware are automatically detected and notified by guix? [1]

...or am I exaggerating here, and Guix already provides a good path to do effective intrusion detection, even with remote hosts potentially available to physical intrusion?

Thoughts?

[...]

Thanks! Gio'.

[1] let's call it the Trusting Remote Trust problem

-- 
Giovanni Biscuolo

Xelera IT Infrastructures
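The split Gio' describes in point 3 (sign on another machine, verify on the host with public keys only), worked through as an added example. This is not code from the thread or from Guix: it assumes GnuPG 2.1 or later (`gpg`, `gpgconf`) on PATH, uses two throwaway `GNUPGHOME` directories to stand in for the signing machine and the host, generates keys only for the demonstration, and signs a constructed stand-in for a generated `grub.cfg` (not real Guix output). The function names (`signer_setup`, `sign_item`, `verify_item`, `demo`) are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread or from Guix. Assumes GnuPG 2.1+
# (gpg, gpgconf) on PATH. "Signing machine" and "host" are two throwaway
# GNUPGHOME directories; the secret key never leaves the signer directory.
set -eu

# Signing machine: generate a sign-only Ed25519 key and print its fingerprint.
# What you ship to hosts is the public key plus this fingerprint, never the key.
signer_setup() {
    mkdir -p "$1" && chmod 700 "$1"
    GNUPGHOME=$1 gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'guix-signer (example only) <signer@example.invalid>' \
        ed25519 sign 0 2>/dev/null
    GNUPGHOME=$1 gpg --batch --with-colons --list-keys | awk -F: '/^fpr/ { print $10; exit }'
}

# Signing machine: detached, ASCII-armoured signature stored next to the item as FILE.sig.
sign_item() {
    GNUPGHOME=$1 gpg --batch --yes --quiet --armor --detach-sign --output "$2.sig" "$2" 2>/dev/null
}

# Host: holds only public keys. Succeeds only if the signature is valid *and* was made
# by the pinned fingerprint. gpg exits 0 for any good signature from any key in the
# keyring, trusted or not, so pinning on the VALIDSIG status line is the real check.
verify_item() {
    home=$1 expected_fpr=$2 item=$3
    status=$(GNUPGHOME=$home gpg --batch --status-fd 1 --verify "$item.sig" "$item" 2>/dev/null) || return 1
    printf '%s\n' "$status" | grep -q "^\[GNUPG:\] VALIDSIG $expected_fpr " || return 1
}

# Sign on the signer, verify on the host, then detect (a) tampering after signing and
# (b) a re-signature by a key the host knows but does not pin. Prints "good tampered rogue".
demo() {
    work=$(mktemp -d)
    signer=$work/signer host=$work/host rogue=$work/rogue
    fpr=$(signer_setup "$signer")
    rogue_fpr=$(signer_setup "$rogue")

    # The host imports both public keys (say, two admins), but only $fpr is pinned for grub.cfg.
    mkdir -p "$host" && chmod 700 "$host"
    for s in "$signer" "$rogue"; do
        GNUPGHOME=$s gpg --batch --export | GNUPGHOME=$host gpg --batch --quiet --import 2>/dev/null
    done

    # Constructed stand-in for a generated grub.cfg; paths are illustrative, not real store items.
    cat > "$work/grub.cfg" <<'EOF'
set default=0
set timeout=5
menuentry "GNU with Linux-Libre" {
  linux /gnu/store/example-linux-libre/bzImage root=/dev/sda1
  initrd /gnu/store/example-initrd/initrd.cpio.gz
}
EOF
    sign_item "$signer" "$work/grub.cfg"
    if verify_item "$host" "$fpr" "$work/grub.cfg"; then r1=good; else r1=bad; fi

    # Physical tampering: an extra menuentry appended after signing.
    printf 'menuentry "rogue" { linux /boot/other-kernel }\n' >> "$work/grub.cfg"
    if verify_item "$host" "$fpr" "$work/grub.cfg"; then r2=accepted; else r2=tampered; fi

    # Attacker re-signs the tampered file with a key the host knows but does not pin.
    sign_item "$rogue" "$work/grub.cfg"
    if verify_item "$host" "$fpr" "$work/grub.cfg"; then r3=accepted; else r3=rogue; fi

    for h in "$signer" "$rogue" "$host"; do
        GNUPGHOME=$h gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    echo "$r1 $r2 $r3"
}
```

Source the file and call `demo`; it prints `good tampered rogue`. Two points the thread raises show up directly: the host never holds a secret key (point 1 goes away), and `gpg --verify`'s exit status alone is not enough, because it accepts a good signature from any imported key, which is why `verify_item` pins the signer's fingerprint. The caveat behind Gio's footnote [1] still stands: a check like this runs from userland after boot, so an attacker with physical access who can alter the firmware or bootloader before the check executes can also alter or skip the check itself; signature verification of store items detects modified files, not a compromised verifier.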