mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-18 20:47:55 +00:00
42 lines
1.1 KiB
Markdown
42 lines
1.1 KiB
Markdown
|
|
|
|
Heads: the other side of TAILS
|
|
===
|
|
|
|
|
|
Heads is a configuration for laptops that tries to bring more security
|
|
to commodity hardware. Among its goals are:
|
|
|
|
* Use free software on the boot path
|
|
* Move the root of trust into hardware (or at least the ROM bootblock)
|
|
* Measure and attest to the state of the firmware
|
|
* Measure and verify all filesystems
|
|
|
|
|
|
|
|
NOTE: It is a work in progress and not yet ready for users.
|
|
If you're interested in contributing, please get in touch.
|
|
Installation requires disassembly of your laptop or server,
|
|
external SPI flash programmers, possible risk of destruction and
|
|
significant frustration.
|
|
|
|
---
|
|
|
|
Components:
|
|
|
|
* CoreBoot
|
|
* Linux
|
|
* busybox
|
|
* kexec
|
|
* tpmtotp
|
|
* QubesOS (Xen)
|
|
|
|
---
|
|
|
|
Notes:
|
|
|
|
* Building coreboot's cross compilers can take a while.
|
|
* Currently only tested in Qemu and on a Thinkpad x230
|
|
* Booting Qubes requires patching Xen's real mode startup code;
|
|
see `patches/xen-4.6.3.patch`
|