• 0 Posts
  • 93 Comments
Joined 5 months ago
cake
Cake day: June 23rd, 2024

help-circle





  • Currently, there’s no serious discussion about removal from mainline. And LTS won’t remove it.

    Should it happen, you can still use Kent’s kernel tree as before. Whether distributions ship it - who knows.

    If there’s no mainline or dkms support, I’ll move my storage away from it in favor of btrfs that I’ve successfully used the years before instead of switching to LTS. Just because of future maintainability and migration options.




  • Realistically, no.

    Theoretically, if you enable Secure Boot and a boot password through UEFI, it might be OK for some purposes, as an attacker clearing your Secure Boot settings would also reset the boot password, which you’d probably notice.

    If you’re concerned about Evil Maid attacks, use Secure Boot with a TPM. If your only concern is getting the device stolen with you losing access, Secure Boot from my point of view is only a convenience feature for stuff like easier unlocking

    EDIT: it should be mentioned that technically, Secure Boot doesn’t require the TPM and just checks the signatures. However, you’d need to check on each boot whether it’s actually enabled with the correct settings and that your device has not been reset. The automation of this is sometimes called Measured Boot, which the TPM is used for. Secure Boot by itself doesn’t protect you against sophisticated physical attackers. But the boot measurement gets thrown into the term because it makes sense.

    At least that’s my understanding.



  • I was about to write something similar. You’re just pushing the problem down the stack, and argon2 doesn’t fix that particular one anyways.

    The facts are:

    1. You always need an unencrypted entry point, so encryption can’t be your secure anchor (though it could never be anyways, you’re looking for authenticity there, not confidentiality)
    2. As the original post states, making sure an attacker never has physical access to your boot or EFI partition works against that particular evil maid attack. It won’t protect from other threats however and isn’t very practical.
    3. You need to authenticate your whole boot chain for actual protection, including initrd, which the linked article also rightfully points out
    4. The only system available to normal users to provide authenticity protection mechanisms is Secure Boot (with implementations not always perfect)
    5. In practice, you need to enroll your own keys to sign your initrd and have a mechanism to actually check it, or use something like a signed UKI
    6. In your actual system, make sure your boot partition is only available to root - EFI mandates vFAT which doesn’t support owner attributes, so put on a restrictive mask (0077)
    7. Your UEFI needs to be protected by password so that an attacker can’t just disable Secure Boot and replace your protected files

    With all these in place, you should set up booting from an encrypted partition where they key is loaded from the TPM with sufficient PCRs bound and a PIN or something similar. I’m unaware of current solutions to easily have a kernel check against the registers during boot, so in case your system won’t decrypt with the PIN as your input alone, you know that your boot process has been altered (not necessarily malicious, could be a firmware update, but still).

    Real security is hard, there is no easy solution if the vendor doesn’t control the hardware (which both Apple and Microsoft do), most users don’t care that much that distribution would push for it. You rather still have the unhealthy “open source is secure and TPM / secure boot is a Microsoft tool to lock out other operating systems” attitude.

    PS. this is not meant as a guide for setting up a secure system, just some considerations when considering the approach.






  • Laser@feddit.orgtolinuxmemes@lemmy.worldI enjoy creating conflict
    link
    fedilink
    arrow-up
    6
    arrow-down
    1
    ·
    16 days ago

    Snaps both predate flatpak and do things that Flatpaks are not designed to do.

    By less than a year judging by the article… and for individual applications, there was AppImage.

    Snaps can do things flatpaks can’t do. Which is true but also kind of irrelevant if we’re talking about a means to distribute applications in a cross-distribution manner as opposed to a base system A/B partition solution.

    Or am I misunderstanding?


  • Laser@feddit.orgtolinuxmemes@lemmy.worldI enjoy creating conflict
    link
    fedilink
    arrow-up
    9
    arrow-down
    1
    ·
    edit-2
    16 days ago

    Everyone should use what suits them best. My negative opinion on snaps doesn’t mean Ubuntu shouldn’t ship it or that users shouldn’t use it. It’s Canonical’s distribution, they can put into it whatever they want for all I care, and if users are happy with it, good for them. But I can still criticize it for perceived issues. (Edit: kind of a straw man since nobody said I couldn’t, I just wanted to stress that I’m not authoritative on the matter)

    But I understand that Ubuntu isn’t for you if you want to avoid snaps.

    I used Ubuntu in the past, from I think 2004 or maybe 2005 to 2008, but switched away because of other issues that I don’t remember anymore, but I do remember upgrades between major versions were always pain with an Nvidia card (this was before AMD or in the beginning even ATI cards were well-usable under Linux) and I honestly just prefer rolling release nowadays. But snaps are just not at all compelling anyways.


  • All that follows is my personal opinion, but for ease of writing, I’m gonna present it as facts.

    Once you have grasped the advantage that Nix offers, all the fundamentally different solutions just seem s o inferior. When I first tried NixOS on a decommissioned notebook, the concept immediately made sense. Granted, I didn’t understand the language features very well – I mostly used it for static configuration with most stuff just written verbatim in configuration.nix, though I did use flakes very early on because of Lanzaboote. But just the fact that you had a central configuration in a single language that was able to cross-reference itself across different parts of the system absolutely blew me out of the water. I was a very happy and content Arch user, even proficient enough to run my own online repository that built from a clean chroot for AUR packages (if you use Arch with AUR packages on multiple systems, check out the awesome aurutils!), but after seeing the power of NixOS in action, I switched over all my machines as soon as I could - desktop, virtual servers (thanks nixos-anywhere!), main notebook and NAS.

    People often praise the BSDs for their integrated approach – NixOS manages to bring that approach to Linux. Apart from GUIX System that I never tried because Secure Boot was a requirement when I last looked at other distributions, none of them have tackled the problem that NixOS solves, and it’s not even certain if they actually understand it. Conceptually, it plays on a whole different level. No more unrecoverable systems, even with broken kernels – just boot the previous configuration. Want to try changes without any commitment? nixos-rebuild test got you. Need an app quick? nix shell nixpkgs#app it is.

    Plus the ecosystem is just fantastic. The aforementioned nixos-anywhere really helps with remote provisioning, using disko to declaratively setup filesystems and mounts, you have devenv which is a really good solution for development environments, both regarding reproducibility and features, and many more that I can’t mention here. There is nothing comparable, and the possibilities are unlike in any other ecosystem.

    It’s not perfect for sure though, and documentation is sparse. The language concepts which allow one to “unlock” the most powerful features are different from what most people know.

    I was lucky enough to have some downtime at work to get into the system a bit deeper (this was still for work though, just not my core skillset) by implementing a “framework” for our needs which forced me to not just copy and paste stuff, though I definitely did get inspired from other solutions, but to actually better understand the module system (I think?), thinking in attribute sets, writing your own actual modules, function library and so on. But in the end, it was definitely worth it, and I’m unaware of any other system that would allow what Nix and NixOS allowed me to build.


  • Laser@feddit.orgtolinuxmemes@lemmy.worldI enjoy creating conflict
    link
    fedilink
    arrow-up
    30
    arrow-down
    5
    ·
    16 days ago

    I don’t like snaps because it’s just another Canonical NIH thing. Everyone else agreed on flatpak which seems to have a good design with portals and all and being fully open.

    On the other hand, you have snaps, which is being controlled by Canonical as the server component is l non-public. The packages sometimes work worse than normal debs and the flatpak version (steam being a notable example IIRC).

    There is 0 motivation for me as a user to look into that. They have solved the problem in one of the worst ways possible. Even Mint, which is Ubuntu’s biggest downstream, has opted against including it by default.

    In addition to all of that, Canonical also installs applications as snap when using the apt\£* command line tools.

    So you have a system that is

    • proprietary
    • worse than the alternatives
    • pushed on users even through unexpected channels

    Ubuntu’s mission was always to build bridges between the user and tech and businesses that the gnu side of Linux wouldn’t.

    Which bridge did they build with snaps?

    It’s a good just works distro that has spawned a ton of just works distros

    Which in turn have removed snaps by default and replaced the affected packages with native ones because it often didn’t “just work”