Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Kevin Chadwick
On 2020-02-17 15:09, Julius Zint wrote: > Some feedback from the OpenBSD community on this would also be appreciated. > Are there > enough people interested in a Trusted Boot with OpenBSD? I'm interested

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Jan Betlach
I'm interested as well. Jan On 17 Feb 2020, at 17:10, Kevin Chadwick wrote: On 2020-02-17 15:09, Julius Zint wrote: Some feedback from the OpenBSD community on this would also be appreciated. Are there enough people interested in a Trusted Boot with OpenBSD? I'm interested

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Paul de Weerd
On Mon, Feb 17, 2020 at 01:35:38PM +, Frank Beuth wrote: | > | This way the evil maid would have nothing to tamper with. | > | > Note that with this approach, a default OpenBSD install to your | > machine will still install a bootloader on the physical disk inside | > your machine. It's then

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Julius Zint
> I'm not really in a position to reflash my machine but I would still be > curious for details. There is no need to reflash your firmware if the system has an integrated and supported TPM 1.2 chip. The prototype uses a Static Root of Trust for Measurement (SRTM) approach where the Chain of

Re: USB printer?

2020-02-17 Thread Claus Assmann
I got a HP DeskJet 2630 printer and connected it via usb I tried to use it "directly", i.e., /etc/printcap: usb:lp=/dev/ulpt0:sd=/var/spool/output/usb:sf:sh:tr=^D: as mentioned in the original mail but this results in an "output error" after I started lpd and used lpr doc.ps ulpt0 at uhub0

Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-17 Thread Peter Müller
Hello Stuart, >>> >>> strongSwan's module to install policies to the kernel (kernel-pfkey) does >>> not support OpenBSD without making code changes. Not impossible but hasn't >>> been done. Only their userland setup that works with tun(4) devices >>> (slightly confusingly called kernel-ipsec) is

Re: Detecting DoH using PF

2020-02-17 Thread Paul de Weerd
Hi Erik, On Mon, Feb 17, 2020 at 06:07:59PM +, Erik Lauritsen wrote: | Hi, | | Is a DNS over HTTPS recognizable somehow so that it can be fingerprinted | and redirected or blocked using pf? I haven't studied this in close detail, but since it's just a "normal" (albeit generally small) HTTPS

Detecting DoH using PF

2020-02-17 Thread Erik Lauritsen
Hi, Is a DNS over HTTPS recognizable somehow so that it can be fingerprinted and redirected or blocked using pf? I am thinking about the ability of PF to detect when requests are coming from a windows machine for example. Kind regards, Erik

Re: [*EXT*] Re USB printer?

2020-02-17 Thread Edgar Pettijohn
On Feb 17, 2020 11:47 AM, Claus Assmann wrote: > > I got a > HP DeskJet 2630 > printer and connected it via usb > I tried to use it "directly", i.e., /etc/printcap: > usb:lp=/dev/ulpt0:sd=/var/spool/output/usb:sf:sh:tr=^D: > as mentioned in the original mail > > but this results in an "output

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Frank Beuth
On Mon, Feb 17, 2020 at 04:09:57PM +0100, Julius Zint wrote: I'm not really in a position to reflash my machine but I would still be curious for details. There is no need to reflash your firmware if the system has an integrated and supported TPM 1.2 chip. The prototype uses a Static Root of

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Frank Beuth
On Mon, Feb 17, 2020 at 06:44:25PM +0100, Paul de Weerd wrote: On Mon, Feb 17, 2020 at 01:35:38PM +, Frank Beuth wrote: | > | This way the evil maid would have nothing to tamper with. | > | > Note that with this approach, a default OpenBSD install to your | > machine will still install a

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Paul de Weerd
On Tue, Feb 18, 2020 at 05:12:25AM +, Frank Beuth wrote: | Yes, it's a cool way to combine things to get unexpected functionality. | I haven't dug into the bootloader much... is there a reasonably easy way | to get the USB-stick-bootloader to boot the hard drive partition by | default? Best

httpd(8) path stripping and FastCGI mountpoints

2020-02-17 Thread Nick
I am trying to understand how path stripping works in httpd(8), particularly how FastCGI's SCRIPT_NAME parameter gets filled. The rule about whether it has a trailing slash or not seems inconsistent. I would really appreciate some extra eyes to work through this. I don't know if httpd is at fault,

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Paul de Weerd
On Mon, Feb 17, 2020 at 08:50:14AM +, Frank Beuth wrote: | > > How do you do this on OpenBSD? | > @frank: https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk | | That's telling me how to use a keydisk -- how to put the softraid FDE | encryption key material on a USB disk. | | If an

Re: Replace PF rule + inetd Proxy with 2 PF rules

2020-02-17 Thread Fabio Martins
Nick, Indeed Working. Thanks. >> >> May be a dumb question, but do you have net.inet.ip.forwarding=1 set? >> > > Neither can I believe had forgotten it, but I think you nailed it. > Will test monday and let know. > > Thanks in advance. > > -fm > >> >> tcpdump of a successful test connection:

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Fabio Martins
>>> How do you do this on OpenBSD? >>@frank: https://www.openbsd.org/faq/faq14.html#softraidFDEkeydisk > > That's telling me how to use a keydisk -- how to put the softraid FDE > encryption key material on a USB disk. > > If an evil maid came by and got access to my machine, they would still >

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Frank Beuth
On Sat, Feb 15, 2020 at 12:22:02PM +0100, no@s...@mgedv.net wrote: >depends what you want to achieve, but my recommendation is booting from USB >and mount encrypted root from the HDD. >you can safely remove the usb key after root mount and all your configs/etc >files are used from the

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Julius Zint
> > If an evil maid came by and got access to my machine, they would still > be able to tamper with the bootloader code to harvest the FDE password > when I returned. > > I want to put the whole bootloader (including the code used to decrypt > the softraid-FDE-encrypted

Re: Slow performance when using mu(4e)

2020-02-17 Thread 陈贤文
Dear fellow China bro, >>> Recently I tried to use mu4e on OpenBSD. However the indexing >>> performance is dreadfully slow compared to my Linux box. There was also an I noticed very different performance of mu4e on OpenBSD and on Linux too. > more likely caused by the limited memory on my

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Frank Beuth
On Mon, Feb 17, 2020 at 11:56:24AM +0100, Paul de Weerd wrote: But you can already do this. If your machine supports booting from USB, you can do a minimal install to a USB stick (using FDE, if you want). Now you have a portable OpenBSD environment you can boot on any system capable of booting

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-17 Thread Frank Beuth
On Mon, Feb 17, 2020 at 11:13:27AM +0100, Julius Zint wrote: I recently finished my master's thesis that solves this problem by including the Trusted Platform Module (TPM) in the boot process of OpenBSD. It extends the Chain of Trust up to boot(8) and allows you to seal a secret of your choice to