SORT 2025

Introduction

On securing the Linux boot process: anti evil maid attacks. Related to BIOS/tcm.

hardware security features (some of these to earlier?):
+ W^X
+ NX bit
+ Executable-space protection
+ UEFI Secure Boot

boot process:
+ platform configuration registers (PCRs)
+ trusted platform module (TPM)
+ AES instruction set on advanced CPU
+ Intel ME
+ AMD PSP
+ hardware security module (HSM)

h3: updating boot process and firmware after installing: encrypted

h3: LVM and encrypting boot partition

lvm commands (lvm2 package):
+ vgcreate: volume group create
+ pvcreate: physical volume create in lvm
+ vgextend: extend volume group
+ lvcreate: logical volume create

h3: Securing the boot process with secureboot and TPM

TPM and systemd-cryptenroll page

can see status of secure boot: dmesg | grep -i secure
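
Added example (not part of the original notes): the dmesg line can be missing when the kernel ring buffer has wrapped or when kernel.dmesg_restrict blocks unprivileged reads, so this reads the UEFI SecureBoot and SetupMode variables from efivarfs instead. The function names, the optional directory argument and the fixture data are assumptions of the example.

```shell
#!/bin/sh
# Added example: read Secure Boot state from efivarfs instead of dmesg.
# GUID of EFI_GLOBAL_VARIABLE, which holds SecureBoot and SetupMode.
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efivarfs files start with a 4-byte attribute word; the one-byte
# value of SecureBoot/SetupMode follows at offset 4.
efivar_byte() {
    [ -r "$1" ] || return 1
    od -An -tu1 -j4 -N1 "$1" | tr -d ' \n'
}

# secure_boot_state [efivars_dir]
# Prints: unsupported (no efivarfs directory, e.g. legacy BIOS boot),
# unknown (variable unreadable), setup-mode, enabled or disabled.
# The optional directory argument is an assumption of this example so
# that it can run against the constructed fixture below.
secure_boot_state() {
    dir=${1:-/sys/firmware/efi/efivars}
    [ -d "$dir" ] || { echo unsupported; return 0; }
    sb=$(efivar_byte "$dir/SecureBoot-$EFI_GLOBAL_GUID") || { echo unknown; return 0; }
    sm=$(efivar_byte "$dir/SetupMode-$EFI_GLOBAL_GUID") || sm=0
    if [ "$sm" = 1 ]; then
        echo setup-mode   # no platform key enrolled, nothing is enforced
    elif [ "$sb" = 1 ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Constructed sample data: make_fixture <dir> <SecureBoot 0|1> <SetupMode 0|1>
# writes fake variable files (attribute word 0x00000006 + value byte).
make_fixture() {
    mkdir -p "$1"
    printf "\\006\\000\\000\\000\\00$2" > "$1/SecureBoot-$EFI_GLOBAL_GUID"
    printf "\\006\\000\\000\\000\\00$3" > "$1/SetupMode-$EFI_GLOBAL_GUID"
}

secure_boot_state   # state of the machine this runs on
```

A result of setup-mode deserves the same attention as disabled: the firmware accepts new keys without authentication in that state.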