Skip to content

osresearch/safeboot

master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
busybox @ ac4a0b3
Jul 23, 2021
efitools @ 392836a
May 9, 2020
Jul 23, 2021

Safe Boot: Booting Linux Safely

Safe Boot has four goals to improve the safety of booting Linux on normal laptops:

  • Booting only code that is authorized by the system owner (by installing a hardware protected platform key for the kernel and initrd)
  • Streamlining the encrypted disk boot process (by storing keys in the TPM, and only unsealing them if the firmware and configuration is unmodified)
  • Reducing the attack surface (by enabling Linux kernel features to enable hardware protection features and to de-priviledge the root account)
  • Protecting the runtime system integrity (by optionaly booting from a read-only root with dm-verity and signed root hash)

The slightly more secure Heads firmware (built with coreboot) is a better choice for user freedom since it replaces the proprietary firmware with open source, while Safe Boot's objective is to work with existing commodity hardware and UEFI SecureBoot mechanisms, as well as relatively stock Linux distributions.

For more details, see the docs directory, which is processed with mkdocs-material to produce the https://safeboot.dev/ website.


Building debian package

mkdir debian ; cd debian
git clone https://github.com/osresearch/safeboot
cd safeboot
sudo make requirements
make package

Build Debian package on ubuntu 20.04

Publish mkdocs via GitHub Pages

Contributing to safeboot

Please create issues on github if you run into problems and pull requests to solve problems or add features are welcome! Please review the contributors guidelines and code of conduct for more details on contributing.