Tracking issue: Boot security in NixOS #265640
Open
Labels
0.kind: enhancement (Add something new or improve an existing system.)
1.severity: significant (Novel ideas, large API changes, notable refactorings, issues with RFC potential, etc.)
2.status: stale (https://github.com/NixOS/nixpkgs/blob/master/.github/STALE-BOT.md)
5.scope: tracking (Long-lived issue tracking long-term fixes or multiple sub-problems)
6.topic: nixos (Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS)
6.topic: systemd (Software suite that provides an array of system components for Linux operating systems.)
This is a tracking issue for work around Boot security in NixOS incorporating elements of https://github.com/nix-community/projects/blob/main/proposals/nixpkgs-security.md.
Upstream features
verify algorithms nix-community/goblin-signing#3
.initrd via addons systemd/systemd#28070
Work driven by @RaitoBezarius
UEFI Secure Boot by default for NixOS installer images
Work driven by @lheckemann, with the help of @mschwaig.
Bootspec v2
TPM2 in lanzaboote
Work driven by @RaitoBezarius
A/B schema in NixOS
Work driven by @JulienMalka
Integrity checks for the store
Work driven by @ElvishJerricco
Interpreter-less NixOS
Tracking issue: #267982
Design document: https://pad.lassul.us/nixos-perlless-activation#
Work driven by @nikstur, with the help of @blitz @lheckemann.