Add System Requirements
parent
33bf692aaa
commit
ac350638f1
42
System-Requirements.md
Normal file
42
System-Requirements.md
Normal file
@ -0,0 +1,42 @@
|
||||
# HalogenOS System Requirements
|
||||
|
||||
## Basic Requirements
|
||||
|
||||
No matter what, your system MUST have:
|
||||
|
||||
- Fully UEFI compliant firmware
|
||||
- A 64-bit CPU
|
||||
- A network adapter
|
||||
- A display adapter
|
||||
- At least 8 gigabytes of RAM
|
||||
- A bootable device with at least 64 gigabytes of space
|
||||
|
||||
# Recommended requirements
|
||||
|
||||
The system requirements will differ, depending on if you're building your own image. If you are using a pre-built image, you will need:
|
||||
|
||||
- A display with an in-tree driver
|
||||
- A network adapter with an in-tree driver
|
||||
- Standard CPU extensions (SIMD, SSE)
|
||||
|
||||
It is also recommended that your system have:
|
||||
|
||||
- At least 16 gigabytes of RAM
|
||||
- At least 128 gigabytes of space
|
||||
|
||||
## Security Features
|
||||
|
||||
HalogenOS leverages modern hardware security features to protect the system against tampering, intrusion, exfiltration, and corruption. These features, unfortunately, are not often found on consumer devices, leaving system hardware and firmware vulnerable to attack. This requirement policy is based on [the Linux Firmware Vendor Service](https://fwupd.org/)'s [Host Security Identifier (HSI) Specification](https://chromium.googlesource.com/chromiumos/third_party/fwupd/+/refs/heads/fwupd-1.6.3/docs/hsi.md), which outlines what elements determine a system's resistance to different levels of attack sophistication.
|
||||
|
||||
Due to scarcity of sufficiently compliant hardware, HalogenOS targets HSI 3 for its baseline, instead of HSI 4 or HSI 5. Devices compliant with HSI 3 require at least:
|
||||
|
||||
- TPM 2.0
|
||||
- UEFI Secure Boot
|
||||
- Lock-able BIOS firmware
|
||||
- Write/read protected firmware
|
||||
- I/O Memory Management Unit
|
||||
- Debug systems and interfaces disabled
|
||||
|
||||
This list is NON EXHAUSTIVE. You can read more about the HSI Specification [here](https://chromium.googlesource.com/chromiumos/third_party/fwupd/+/refs/heads/fwupd-1.6.3/docs/hsi.md). To check your device's compliance, download and install `fwupdmgr` from its [GitHub repository](https://github.com/fwupd/fwupd), or install it via your package manager. After that, you can run `fwupdmgr security` to get information on your system's security.
|
||||
|
||||
At runtime, `fwupdmgr` performs the necessary checks to determine the installation's HSI status. On first boot, this baseline is saved, and any changes to the baseline can be detected, and forwarded to the user for review. The user will also be notified if the device fails to meet HSI 3 on its first boot.
|
||||
Loading…
Reference in New Issue
Block a user