[ home / overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / music / 777 / posad / i / a / lgbt / R9K / dead ] [ meta ]

/tech/ - Technology

"Technology reveals the active relation of man to nature"
Name
Email
Subject
Comment
Captcha
Tor Only
Flag
File
Embed
Password (For file deletion.)
Matrix   IRC Chat   Mumble
ReturnCatalogBottom

File: 1779090752926.jpg ( 54.28 KB , 600x844 , gigachad-1644807974.jpg )

 No.13716

>Why yes, I daily drive Tails OS. How can you tell?

What OS do you use and why?
>>

 No.13719

File: 1779102334064.jpeg ( 64.5 KB , 1080x966 , 2gafoatrgr1e1.jpeg )

Kicksecure.
>developed by the Whonix team
>security hardening by default
>compatible with anything the Linux kernel is
>runs any software
>has a built-in live mode (nothing is saved on reboot)
>can setup a full-disk encryption
>Torified repos
>can install Whonix for the same isolation as Tails's
As for other operating systems:
>OpenBSD has hardware and software compatibility issues and a hard-to-use installer
>HardenedBSD has better compatibility but is still difficult to set up
>Qubes is too fucking resource-hungry
>Tails does what Whonix does but works only on a USB stick and isn't really secure
>Spectrum OS is really cool but it's in a perpetual alpha state
>none of them have Torified repos (except Qubes)
>>

 No.13722

>>13719
>full-disk encryption
Now do you mean actual full-disk encryption or fake "full-disk encryption" that still leaves your /boot partition and EFI system partition unencrypted?
>>

 No.13723

File: 1779219891883.gif ( 16.57 MB , 640x360 , linux-trash.gif )

>>13722
Depends on how far you wanna go really. You can definitely encrypt the boot partition manually. You can also put all the unencrypted shit onto a USB stick and additionally configure the AEM (Kicksecure devs recommend doing at least the first one since OF COURSE leaving unencrypted partitions on your drive is retarded).

You can check their wiki which has pretty hardcore security and privacy tips and start living in a bunker. I especially respect Whonix for opposing Graphene OS's tyrant security (not saying that Graphene OS isn't secure, just saying that its approach to security is very, VERY restrictive, kinda like iOS's).
>>

 No.13724

>>13723
Most Linux distributions support semi-full disk encryption with /boot left unencrypted. I have my full disk encrypted on a Devuan build and it took a considerable degree of extra work to configure GRUB properly (including getting a couple LUKS2 bugs fixed). The distros that have started supporting /boot encryption have likely done so due to recent developments in GRUB, but I doubt any support EFI partition encryption booting from it requires something like Coreboot with a SeaBIOS payload to decrypt your second-stage bootloader, a much smaller niche of boot hardening to defend yourself against potential evil maid attacks.
>>

 No.13727

File: 1779288431428.jpg ( 188.14 KB , 1137x1080 , Wade1.jpg )

>>13724
https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html
>I doubt any support EFI partition encryption booting from it requires something like Coreboot
Correct. That's why you should put the ESP on a stick or use an Anti-Evil Maid.

Actually, true full-disk encryption with an AEM support is possible with the heads firmware (another FLOSS alternative to BIOS/UEFI) but it's not used on anything other than Librem laptops. But if you want that you can buy one of those. They even have hardware switches, though these laptops are expensive.

Unique IPs: 2
[Return][Catalog][Top][Home][Post a Reply]
Delete Post [ ]
[ home / overboard / sfw / alt / cytube] [ leftypol / b / WRK / hobby / tech / edu / ga / ent / music / 777 / posad / i / a / lgbt / R9K / dead ] [ meta ]
ReturnCatalogTopBottomHome