mastodon.ar.al is one of the many independent Mastodon servers you can use to participate in the fediverse.
This is my personal fediverse server.

Administered by:

Server stats:

1
active users

Here is a step-by-step guide on how to cryptographically sign your OS files with keys in your control🗝️puri.sm/posts/stay-protected-w

Aral Balkan

@purism Wondering if there’s a way to cut down the few minutes waiting time on the scan by implementing this feature using hypercore (a cryptographically-secure directed acyclic graph) by keeping the OS files in a hyperdrive and mounting that drive at boot. That would involve checking just one hash.

@aral @purism So it turns out that generating the hashes does take a minute or two, but checking them (like if you automatically check them at each boot) is much faster.

@kyle @purism Ah, right, I thought the couple of minutes was at every boot, sorry.

@aral @purism No problem! I also had to work within a few design constraints. The most relevant one here is that I wanted it to be as OS-agnostic as possible (like PureBoot is in general). I write at length about the design constraints and considerations here: puri.sm/posts/new-pureboot-fea

PurismNew PureBoot Feature: Scanning Root for Tampering – PurismPurism makes premium phones, laptops, mini PCs and servers running free software on PureOS. Purism products respect people's privacy and freedom while protecting their security.

@kyle @purism Thanks for the link, Kyle, looking forward to reading it :)

@aral @purism I actually re-read it and realized I wrote it before we implemented the feature to detect *new* files that were added to the file system so I just updated it to reference that update (and strikethrough the outdated text), which should be live in a bit.