From ab8176e52d013a1433f39c82d184425445bc499c Mon Sep 17 00:00:00 2001 From: River Date: Thu, 22 May 2025 22:51:06 -0400 Subject: [PATCH] Update Hardening --- Hardening.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Hardening.md b/Hardening.md index a3da81b..fe59332 100644 --- a/Hardening.md +++ b/Hardening.md @@ -28,13 +28,14 @@ If the hardware running HalogenOS is properly manufactured and configured, it sh - Checks & reports on hardware/firmware security - Unified Kernel Image boot -- Secure Boot with locally generated keys +- Secure Boot with encrypted, locally generated keys - dm-verity enabled for system partition - squashfs based system images - LUKS encryption enabled for user partition - TPM2 based automatic unlocking - Automatic repair in case of tampering - User alerted if hardware security baseline changes +- Kernel-based file integrity for volatile files ## Configuration @@ -46,6 +47,7 @@ Various controls on the kernel's networking stack, filesystem stack, and on some - `noexec` set for `/tmp` - Root logon disabled - No superuser access on production builds +- System files on non-system partitions only accessible by root - sshd disabled ## Updates
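Review bot: In the feature-list hunk (@@ -28,13 +28,14 @@), the reworded bullet "Secure Boot with encrypted, locally generated keys" does not say which keys are encrypted or what protects them. Secure Boot uses enrolled public keys and private signing keys, and only the private signing keys benefit from encryption at rest, so the bullet should name them and say what the encryption is bound to, for example "Secure Boot with locally generated signing keys, encrypted at rest" plus a short statement of the unlock mechanism. The added bullet "Kernel-based file integrity for volatile files" needs the same treatment: name the kernel mechanism and define "volatile files", since the list already covers the immutable system partition with dm-verity, and integrity protection for files that are expected to change needs a statement of who may legitimately change them.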
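Review bot: In the Configuration hunk (@@ -46,6 +47,7 @@), the added bullet "System files on non-system partitions only accessible by root" sits directly below "Root logon disabled" and "No superuser access on production builds", and the three lines read as contradictory unless "root" is qualified. Say that access is limited to system processes running as root rather than to any user who can become root, and state how it is enforced (file ownership and mode bits, or an access control policy) and which paths on the non-system partitions count as system files. The bullet is also missing a verb: "are only accessible by root".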