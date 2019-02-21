Language Selection

English French German Italian Portuguese Spanish

PureBoot, the High Security Boot Process

Submitted by Roy Schestowitz on Tuesday 26th of February 2019 12:53:45 PM Filed under
Linux
Security

The boot process, in computer hardware, forms the foundation for the security of the rest of the system. Security, in this context, means a “defense in depth” approach, where each layer not only provides an additional barrier to attack, but also builds on the strength of the previous one. Attackers do know that if they can compromise the boot process, they can hide malicious software that will not be detected by the rest of the system. Unfortunately, most of the existing approaches to protect the boot process also conveniently (conveniently for the vendor, of course) remove your control over your own system. How? By using software signing keys that only let you run the boot software that the vendor approves on your hardware. Your only practical choices, under these systems, are either to run OSes that get approval from the vendor, or to disable boot security altogether. In Purism, we believe that you deserve security without sacrificing control or convenience: today we are happy to announce PureBoot, our collection of software and security measures designed for you to protect the boot process, while still holding all the keys.

Read more

Also: Measured Boot Support Is Heading To Coreboot

»

Soon in Phoronix Too

Submitted by Roy Schestowitz on Tuesday 26th of February 2019 12:57:03 PM.
  • Purism Working On PureBoot To Secure Your Data & Fully Verify The Linux Boot Process

    Purism has another announcement to make today... PureBoot! PureBoot is the privacy-minded, Linux-focused company's collection of safeguards to protect the boot process while empowering the end-user.

    Purism's PureBoot consists of having the Intel Management Engine permanently disabled, Coreboot as a replacement to the system BIOS, a TPM chip, Heads as their boot software, the USB Librem Key as the security token, and multi-factor authentication to handle disk encryption via the Librem Key.

Purism Announces PureBoot Securing Your Linux Computers

Submitted by Rianne Schestowitz on Tuesday 26th of February 2019 05:22:10 PM.
  • Purism Announces PureBoot to Help You Better Secure Your Linux Computers

    Dubbed "the high security boot process," PureBoot promises to be a complete and secured solution for more secure boot process on laptop and desktop computers that run a Linux-based operating system, including Purism's Debian-based PureOS, which comes pre-installed with the Librem 13 and Librem 15 laptops.

    PureBoot is not a new software, but a collection of software and security standards that Purism already uses on its Linux laptops, including the Librem Key USB security token, a TPM (Trusted Platform Module) chip, the coreboot free BIOS replacement, the Heads tamper-evident boot software, the disabled Intel ME (Management Engine), and multi-factor authentication.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Programming Leftovers

Graphics: NVIDIA Patches Security Issues and Igalia Reviews Its Graphics Activities

  • NVIDIA Patches Security Issues in GPU Display Driver for Windows, Linux
    NVIDIA released a security update for the NVIDIA GPU Display Driver software to patch eight security issues that could lead to code execution, escalation of privileges, denial of service, or information disclosure on both Windows and Linux machines.
  • Review of Igalia’s Graphics activities (2018)
    GL_ARB_gl_spirv is an OpenGL extension whose purpose is to enable an OpenGL program to consume SPIR-V shaders. In the case of GL_ARB_spirv_extensions, it provides a mechanism by which an OpenGL implementation would be able to announce which particular SPIR-V extensions it supports, which is a nice complement to GL_ARB_gl_spirv. As both extensions, GL_ARB_gl_spirv and GL_ARB_spirv_extensions, are core functionality in OpenGL 4.6, the drivers need to provide them in order to be compliant with that version.

Latest in GNU/Linux on Chromebooks

  • Audio playback for Linux on Chromebooks arrives in latest Chrome OS 74 Dev Channel release
    Google released version 74.0.3713.0 to the Chrome OS 74 Dev Channel on Monday and there are over 500 mentions of “Crostini”, the project that brought Linux support to Chromebooks. I’m still poring through the changelog, but I immediately noticed a mention of audio support. I tested it, and after a few commands in the Terminal as well as a few reboots, I got it to work.
  • This Feature Could Make Chromebook Tablet Mode Much Smoother, And You Could Help Make It Happen!
    It is no secret that one of the big struggles right now for Chrome OS, Chromebooks, detachables, and tablets is overview and split-screen mode. While the majority of the OS can run smooth on various chipsets, we see severely crippled performance across the board when it comes to both the overview mode and split-screen views. We’ve detailed a bit about this issue and the fixes being worked on, but the fixes outlined in that article are really more about the overview mode in both desktop and tablet mode.

Android Leftovers

More on Tux Machines: AboutGalleryForumBlogsSearchNewsRSS Feed

Part of Bytes Media ● Sister sites below.

TechBytes Techrights button

Powered by Drupal, an open source content management system

Content available under CC-BY-SA CC

© by original authors

Powered by CentOS 6.5 (GNU/Linux), Varnish, and Drupal 6