076萌SNS
  • Login

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. Wrongthink (wrongthink@cdrom.tokyo)'s status on Saturday, 15-Apr-2023 01:00:04 JST Wrongthink Wrongthink
    in reply to
    • test

    @test_1111111 @Suiseiseki

    But it does. This news is years old. I agree, security is a thing. And good security has layers. The idea behind monitoring (post boot) of your /boot partition is to be alerted to any unexpected changes.

    For a threat model involving “glowers” with UEFI a based system my primary concern would actually be in the CPU frontdoors before I spent any significant time worrying about the bootloader. But then again, I’m using neither UEFI or GRUB.

    In conversation Saturday, 15-Apr-2023 01:00:04 JST from cdrom.tokyo permalink
    • test (test_1111111@kiwifarms.cc)'s status on Saturday, 15-Apr-2023 01:00:05 JST test test
      @wrongthink @Suiseiseki Grub only supports LUKS1, which is insecure(yeah, security is a real thing). LUKS2 is the new standard and supports Argon2 instead of PBKDF2. Your argument is so low IQ it's unreal. I literally said "look up Unified Kernel Images, they're basically a bootable UEFI bundle where you self-sign it and place it on /boot so there's only one file that's unencrypted", which implies one is already using LUKS.
      Also file integrity monitoring? Is it baked into my motherboard firmware and does it check my initramfs, bootloader, and kernel's integrity when I boot?
      In conversation Saturday, 15-Apr-2023 01:00:05 JST permalink

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.