Need help with safeboot?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

osresearch
184 Stars 16 Forks GNU General Public License v2.0 507 Commits 69 Opened issues

Description

Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support

Services available

!
?

Need anything else?

Contributors list

# 64,830
gRPC
Linux
Perl
Common ...
355 commits
# 10,569
C
Shell
TeX
kerbero...
35 commits
# 678,477
Ada
C
Shell
2 commits
# 225,096
C
Ansible
molecul...
prometh...
1 commit

Safe Boot: Booting Linux Safely

Safe Boot has four goals to improve the safety of booting Linux on normal laptops:

  • Booting only code that is authorized by the system owner (by installing a hardware protected platform key for the kernel and initrd)
  • Streamlining the encrypted disk boot process (by storing keys in the TPM, and only unsealing them if the firmware and configuration is unmodified)
  • Reducing the attack surface (by enabling Linux kernel features to enable hardware protection features and to de-priviledge the root account)
  • Protecting the runtime system integrity (by optionaly booting from a read-only root with dm-verity and signed root hash)

The slightly more secure Heads firmware (built with coreboot) is a better choice for user freedom since it replaces the proprietary firmware with open source, while Safe Boot's objective is to work with existing commodity hardware and UEFI SecureBoot mechanisms, as well as relatively stock Linux distributions.

For more details, see the docs directory, which is processed with mkdocs-material to produce the https://safeboot.dev/ website.


Building debian package

mkdir debian ; cd debian
git clone https://github.com/osresearch/safeboot
cd safeboot
sudo make requirements
make package

Build Debian package on ubuntu 20.04

Publish mkdocs via GitHub Pages

Contributing to
safeboot

Please create issues on github if you run into problems and pull requests to solve problems or add features are welcome! Please review the contributors guidelines and code of conduct for more details on contributing.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.