Update Hardening

River 2025-05-22 22:51:06 -04:00
parent 522cb2c527
commit ab8176e52d

@ -28,13 +28,14 @@ If the hardware running HalogenOS is properly manufactured and configured, it sh
- Checks & reports on hardware/firmware security - Checks & reports on hardware/firmware security
- Unified Kernel Image boot - Unified Kernel Image boot
- Secure Boot with locally generated keys - Secure Boot with encrypted, locally generated keys
- dm-verity enabled for system partition - dm-verity enabled for system partition
- squashfs based system images - squashfs based system images
- LUKS encryption enabled for user partition - LUKS encryption enabled for user partition
- TPM2 based automatic unlocking - TPM2 based automatic unlocking
- Automatic repair in case of tampering - Automatic repair in case of tampering
- User alerted if hardware security baseline changes - User alerted if hardware security baseline changes
- Kernel-based file integrity for volatile files
## Configuration ## Configuration
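Review bot: The reworded Secure Boot bullet, "Secure Boot with encrypted, locally generated keys", does not say what "encrypted" covers. Suggest stating which key material is stored encrypted and what protects the secret that decrypts it, including whether that relates to the "TPM2 based automatic unlocking" bullet in the same list. The new last bullet, "Kernel-based file integrity for volatile files", has the same gap: name the kernel mechanism and say which files count as volatile, so the claim is as checkable as the dm-verity and LUKS bullets beside it.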
@ -46,6 +47,7 @@ Various controls on the kernel's networking stack, filesystem stack, and on some
- `noexec` set for `/tmp` - `noexec` set for `/tmp`
- Root logon disabled - Root logon disabled
- No superuser access on production builds - No superuser access on production builds
- System files on non-system partitions only accessible by root
- sshd disabled - sshd disabled
## Updates ## Updates
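Review bot: The added bullet "System files on non-system partitions only accessible by root" leaves "accessible" undefined and does not say how the restriction is enforced. Suggest stating whether it means read, write, or both, which files or paths on the non-system partitions it applies to, and the enforcement used (for example ownership and mode). Since it sits directly under "Root logon disabled" and "No superuser access on production builds", a short clause on what still runs as root and needs these files would keep the three bullets consistent for the reader.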