Playing with UEFI
One way hackers can compromise systems is by attacking the system before it boots. In order to prevent this, you must secure the operating system by enabling security in UEFI. In other words, you cannot run software if it cannot be trusted to execute code correctly because untrusted software can tamper with […]
Author: Debra Chapman
Playing with UEFI 2 – Exploring the Various Boot Options and Kernels in Oracle Linux
How to do it…
Let’s run the df -h command to view the partitions in the system. Please notice that /boot/efi is mounted on the /dev/sda1 partition in this example:
[Figure 3.10 – df -h command]
If you run the ls -l /boot/efi/EFI/redhat command, this directory contains a first-stage bootloader called shimx64.efi, a GRUB 2 […]
Playing with Secure Boot 2 – Exploring the Various Boot Options and Kernels in Oracle Linux
How to do it…

    [ req ]
    default_bits = 4096
    distinguished_name = req_distinguished_name
    prompt = no
    string_mask = utf8only
    x509_extensions = extensions

    [ req_distinguished_name ]
    O = Module Signing Example
    CN = Module Signing Example Key
    emailAddress = [email protected]

    [ extensions ]
    basicConstraints=critical,CA:FALSE
    keyUsage=digitalSignature
    extendedKeyUsage = codeSigning
    subjectKeyIdentifier=hash
    authorityKeyIdentifier=keyid

You should edit the O, CN, and emailAddress fields to be more appropriate. Note that in the extensions section of the […]
Playing with Secure Boot – Exploring the Various Boot Options and Kernels in Oracle Linux
Playing with Secure Boot
Secure Boot is an additional, optional feature implemented in UEFI that is intended to help prevent malware execution during the boot process. To enable or disable Secure Boot, you need to access your specific UEFI setup program. This is different for each system manufacturer. Check your system documentation to see how to access […]
Updating the Machine Owner Key database – Exploring the Various Boot Options and Kernels in Oracle Linux
Updating the Machine Owner Key database
Machine Owner Key (MOK) is a security feature designed to protect the boot process of a computer system from unauthorized modifications or attacks. It is typically used in systems that support UEFI and Secure Boot, which require all bootloaders and kernel modules to be signed by trusted entities. The […]
TrenchBoot – improving boot security and integrity – Exploring the Various Boot Options and Kernels in Oracle Linux
TrenchBoot – improving boot security and integrity
TrenchBoot is a cross-community and cross-platform framework integration hosted on GitHub. It grew from an idea by Apertus Solutions that originated in 2014 to deal with the limitations of using tboot to launch Xen for the OpenXT project and other contributors, such as Oracle (Intel), 3mdeb (AMD), and Citrix (https://github.com/TrenchBoot). […]
Removing the RHCK – Exploring the Various Boot Options and Kernels in Oracle Linux
Removing the RHCK
In this recipe, you will learn how to remove RHCK and its unique package dependencies while keeping all of the UEK dependencies. Remember that when installing Oracle Linux, the installer automatically installs the Oracle UEK as the default kernel, but you can install RHCK for compatibility purposes.
Getting ready
Old versions of Oracle […]
What you need to know about local filesystems – Creating and Managing Single-Instance Filesystems
What you need to know about local filesystems
This recipe will discuss the differences between local and remote filesystems, as well as the core differences between Btrfs and ZFS. The backbone of an operating system (OS) is the local filesystem. It enables efficient storage and management of files and directories on a computer or server […]
What you need to know about local filesystems 2 – Creating and Managing Single-Instance Filesystems
How to do it…
Oracle Linux by default uses the XFS filesystem, but when doing the installation, you can use Btrfs as the root filesystem. If you want to use XFS as the boot filesystem, install it as you normally would. If you want to use Btrfs, then you should continue.
Note
Your boot filesystem […]