Update Hardening
parent
522cb2c527
commit
ab8176e52d
@ -28,13 +28,14 @@ If the hardware running HalogenOS is properly manufactured and configured, it sh
|
||||
|
||||
- Checks & reports on hardware/firmware security
|
||||
- Unified Kernel Image boot
|
||||
- Secure Boot with locally generated keys
|
||||
- Secure Boot with encrypted, locally generated keys
|
||||
- dm-verity enabled for system partition
|
||||
- squashfs based system images
|
||||
- LUKS encryption enabled for user partition
|
||||
- TPM2 based automatic unlocking
|
||||
- Automatic repair in case of tampering
|
||||
- User alerted if hardware security baseline changes
|
||||
- Kernel-based file integrity for volatile files
|
||||
|
||||
## Configuration
|
||||
|
||||
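Review bot: the Secure Boot entries in this list, "Secure Boot with locally generated keys" and "Secure Boot with encrypted, locally generated keys", say nearly the same thing; if both remain in the document, drop the first. Either way, "encrypted" should state what protects the private key (a passphrase, TPM sealing, or something else) and where the key is stored, because the same list promises "TPM2 based automatic unlocking" and a reader cannot tell whether the signing key is also available without user input. "Kernel-based file integrity for volatile files" has the same gap: name the kernel mechanism and say which paths count as volatile.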
@ -46,6 +47,7 @@ Various controls on the kernel's networking stack, filesystem stack, and on some
|
||||
- `noexec` set for `/tmp`
|
||||
- Root logon disabled
|
||||
- No superuser access on production builds
|
||||
- System files on non-system partitions only accessible by root
|
||||
- sshd disabled
|
||||
|
||||
## Updates
|
||||
|
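Review bot: "System files on non-system partitions only accessible by root" reads as contradictory next to "Root logon disabled" and "No superuser access on production builds" unless it is qualified. Suggest wording it in terms of ownership and permissions (root-owned, no access for other users) and noting that root is reachable only by system services, not interactively. "sshd disabled" would also be more useful if it said whether the service is merely disabled, masked, or not shipped in the image at all.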