Merge remote-tracking branch 'refs/remotes/origin/master'

2022-03-15 21:32:09 +01:00 · 2022-03-15 21:32:09 +01:00 · b556084673
commit b556084673
parent 93e9a32577 c135dcf56f
2 changed files with 29 additions and 1 deletions
--- a/linux_hardening.md
+++ b/linux_hardening.md
@ -0,0 +1,20 @@
+# secureboot
+
+Most of the distributions are delievered with a microsoft-signed SHIM bootloader, which should allow the boot with active secureboot without deleting OEM keys. the SHIM bootloader gets controlled with mokutil.
+
+- systemctl reboot --firmware
+ - bootctl
+ - efibootmgr -v
+ - mokutil --sb-state
+ - mokutil --list-enrolled
+ - mokutil --enable-validation
+
+## ubuntu
+ubuntu provides a update-secureboot-policy script to generate and enroll a secureboot mok, but this needs an already active secureboot.
+# cryptsetup luks
+crypsetup luksDump /dev/sdaX
+cryptsetup luksChangeKey /dev/sdaX
+cryptsetup luksErase
+
+ressource:
+http://jk.ozlabs.org/docs/sbkeysync-maintaing-uefi-key-databases/
--- a/virtualbox.md
+++ b/virtualbox.md
@ -4,4 +4,12 @@
 FYI: _remember to mkdir a folder for this_
 `sudo mount.vboxsf media /mnt/exchange`
 after adding a guest share the users need access which is granted by a group:
-`sudo usermod -G vboxsf -a $USER`
+`sudo usermod -G vboxsf -a $USER`
+
+
+sometimes it will generate a protocol error:
+```
+[    6.646480] vboxsf: could not stat root of share: -71
+[    6.647218] 06:53:23.826079 automount Error: vbsvcAutomounterMountIt: Failed to mount 'exchange' on '/mnt/exchange': Protocol error (-1,71)
+```
+the workaround is to choose an new/other folder on the host system.