User:WavyEbuilder/Gentoo Hardened Verified Boot Install

From Gentoo Wiki


This guide will walk through the process of installing Gentoo Linux with the following features:

  • Full Disk Encryption for the entire system (except for the ESP)
  • Hardened Clang Toolchain
  • Secure Boot with support for option ROMs
  • Measured Boot using systemd-cryptenroll for automatic LUKS unlock of / and /usr (with an optional low-entropy PIN)
  • Verified Boot using dm-verity and systemd-veritysetup for a tamper-resistant /usr

This guide is intended only to supplement the Gentoo Handbook. Do not blindly copy and paste commands from it. Read through each command and adapt it to your specific use case.


  1. Requirements. Basic requirements and assumptions for the installation.