working
This commit is contained in:
commit
4789723fb9
@ -1,3 +1,9 @@
|
||||
---
|
||||
keywords:
|
||||
- IT
|
||||
- filesystem integritiy
|
||||
- authentic filesystem
|
||||
---
|
||||
# secureboot
|
||||
|
||||
Most of the distributions are delievered with a microsoft-signed SHIM bootloader, which should allow the boot with active secureboot without deleting OEM keys. the SHIM bootloader gets controlled with mokutil.
|
||||
@ -20,4 +26,31 @@ ressource:
|
||||
http://jk.ozlabs.org/docs/sbkeysync-maintaing-uefi-key-databases/
|
||||
|
||||
## lkrg - linux kernel runtime guard
|
||||
archlinux can build with AUR, debian/ubuntu can use the *.deb precompiled package. It should be available for x64, arm64 and arm
|
||||
archlinux can build with AUR, debian/ubuntu can use the *.deb precompiled package. It should be available for x64, arm64 and arm
|
||||
|
||||
## data integrity aka bitrot
|
||||
General kernel awareness:
|
||||
https://github.com/torvalds/linux/blob/master/Documentation/block/data-integrity.rst
|
||||
the solution so far to omit endusers hardware limitations (like ECC RAM *grml*)
|
||||
https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/device-mapper/dm-integrity.rst
|
||||
So it should be more or less equal to use integrity with or without encryption:
|
||||
- RAID1 preferred
|
||||
- heavily perfomance issues caused by the journal ( none or bitmap as dangerous alternative)
|
||||
https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/device-mapper/dm-crypt.rst
|
||||
|
||||
the used strcuture to get this done:
|
||||
block device -> dm-integrity -> mdadm/lvm2 (RAID1) -> btrfs
|
||||
block device -> dm-integrity -> cryptsetup(mdadm/lvm2 (RAID1)) -> btrfs
|
||||
|
||||
- [ ] cryptsetup benchmark
|
||||
- [ ] GPT formatted block devices to get recognized properly under windows
|
||||
- [ ] complete header backup
|
||||
- [ ] block device sector size
|
||||
- [ ] blcok device support for SCT/ERC
|
||||
|
||||
#### related issues
|
||||
- https://gitlab.com/cryptsetup/cryptsetup/-/issues/632 xxHASH64 support, needs separate `--tag-size 8`
|
||||
- https://gitlab.com/cryptsetup/cryptsetup/-/issues/668 dm-integrity documentation with setting recommendation
|
||||
- https://gitlab.com/cryptsetup/cryptsetup/-/issues/620 systemd LUKS key mgmnt integration
|
||||
- https://gitlab.com/cryptsetup/cryptsetup/-/issues/573 issues with caching the flag "recalculating"
|
||||
- https://raid.wiki.kernel.org/index.php/Drive_Data_Sheets#Non-Raid_drives
|
||||
|
Loading…
Reference in New Issue
Block a user