From 5022a6075050b9443fe5ea2e0e29f0d34af8097c Mon Sep 17 00:00:00 2001 From: River Date: Mon, 14 Apr 2025 11:43:10 -0400 Subject: [PATCH] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b10fe46..e7dceb5 100644 --- a/README.md +++ b/README.md @@ -19,10 +19,12 @@ These files allow a server to build a working image, sign it with a release key, There are a few overridable variables that control configuration elements of HalogenOS. These are set at build time, and are permanently immutable throughout the lifetime of the OS, unless the values are changed, the image is rebuilt with the same keys and URL, and the installation is updated. - `DISTURL`: Unset by default. The URL that HalogenOS files will be served at. If it is not set, OTA updates from a server are disabled, but updating can be done manually as long as the images are signed. -- `TPM`: Default is `true`. This will control automatic decryption of the root partition. Disable if your system does not have TPM 2.0. +- `TPM`: Default is `true`. This will control automatic decryption of the root partition. Disable if your system does not have TPM 2.0, or if you would rather manually input your root encryption password. - `SECBOOT`: Default is `true`. This will control whether or not Secure Boot keys are generated and enrolled. Disable if your system does not support Secure Boot. - `REQSIG`: Default is `true`. This will control whether or not update images and overlays require signatures. Disable ONLY for testing or development purposes. +Disabling `SECBOOT` or `REQSIG` sets a flag in the system partition indicating that the installation has a fundamentally insecure configuration, as important system files could be tampered with easily. + ## Signing Keys Unless you disable `REQSIG`, HalogenOS will require a signing key for updates and for overlays. If you do disable `REQSIG`, HalogenOS will still attempt to verify updates and overlays, but will not enforce these checks, and will not panic if there is no public signing key. To totally disable the inclusion of the signing key, you must remove `signing_key_public` from `build` in [compose.yml](/compose.yml).