[Novalug] single app VM

Sean McGowan spmcgowan+novalug@gmail.com
Tue Aug 18 07:17:04 EDT 2020


On Mon, Aug 17, 2020 at 5:21 PM Aaron M. Ucko via Novalug <
novalug@firemountain.net> wrote:

> Peter Larsen via Novalug <novalug@firemountain.net> writes:
>
> > On 8/17/20 1:38 PM, Jon LaBadie via Novalug wrote:
> >> For now I'll wait and see if Fedora includes them in future
> >> releases as Ubuntu already does.
> >
> > Be sure to file an RFE
> > https://bugzilla.redhat.com/enter_bug.cgi?classification=Fedora - that's
> > the only way someone will tell you if "it will happen".
>
> Meanwhile, if you do want to try going the custom-kernel route, please
> note that Secure Boot might get in the way.  If you'd rather not disable
> SB altogether, you should in principle be able to sign your kernel with
> a custom local key and configure your firmware to trust that key.  I'm
> not at all familiar with the details, though.
>

Here are some instructions.
https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_your_own_keys
Obviously the mkinitcpio stuff doesn't apply.  I run a laptop with an
encrypted boot partition on a removable device.  This repo helps:
https://github.com/xmikos/cryptboot.

I will say that I installed this way for fun and it has been anything but. :)
I did it a couple years ago to make sure I could grok this stuff
halfway decently.  For me, this level of security is not necessary and
reminds me of https://xkcd.com/538/.

- Sean


