Tracking issue: Boot security in NixOS #265640
Labels
0.kind: enhancement
2.status: work-in-progress
5. scope: tracking
Long-lived issue tracking long-term fixes or multiple sub-problems
6.topic: nixos
6.topic: systemd
significant
Novel ideas, large API changes, notable refactorings, issues with RFC potential, etc.
Comments
RaitoBezarius
added
0.kind: bug
0.kind: enhancement
6.topic: nixos
2.status: work-in-progress
6.topic: systemd
and removed
0.kind: bug
labels
|
This issue has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/nixpkgs-supply-chain-security-project/34345/7 |
infinisil
added
the
significant
samueldr
added
the
5. scope: tracking
|
The link to the proposal is broken, it seems it has become : https://github.com/nix-community/projects/blob/main/proposals/nixpkgs-security-phase2.md |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is a tracking issue for work around Boot security in NixOS incorporating elements of https://github.com/nix-community/projects/blob/main/proposals/nixpkgs-security.md.
Upstream features
verifyalgorithms nix-community/goblin-signing#3.initrdvia addons systemd/systemd#28070Work driven by @RaitoBezarius
UEFI Secure Boot by default for NixOS installer images
Work driven by @lheckemann, with the help of @mschwaig.
Bootspec v2
TPM2 in lanzaboote
Work driven by @RaitoBezarius
A/B schema in NixOS
Work driven by @JulienMalka
Integrity checks for the store
Work driven by @ElvishJerricco
Interpreter-less NixOS
Tracking issue: #267982
Design document: https://pad.lassul.us/nixos-perlless-activation#
Work driven by @nikstur, with the help of @blitz @lheckemann.
The text was updated successfully, but these errors were encountered: