This is a continuation of my previous post about upgrading personal security. This post focuses on preventing evil maid attacks using disk encryption and secure boot. With this post, I compiled and summarized all of the resources I used to do all of this configuration. The hope is that having a set of steps in one place reduces the need to go hunting across different Reddit posts, blog posts, and wiki articles as I did.| saligrama.io
An explanation of how to enable secure boot on NixOS, using a community project named ‘Lanzaboote’, and further how to automatically unlock a LUKS-encrypted disk using a TPM with systemd-cryptenroll.| jnsgr.uk
Related articles| wiki.archlinux.org
Related articles| wiki.archlinux.org
Related articles| wiki.archlinux.org
The following are examples of common scenarios of full system encryption with dm-crypt. They explain all the adaptations that need to be done to the normal installation procedure. All the necessary tools are on the installation image.| wiki.archlinux.org
Related articles| wiki.archlinux.org
Related articles| wiki.archlinux.org