User:WavyEbuilder/Gentoo Hardened Verified Boot Install
This guide will walk through the process of installing Gentoo Linux with the following features:
- Full Disk Encryption for the entire system (except for the ESP)
- Hardened Clang Toolchain
- Secure Boot with support for option ROMs
- Measured Boot using systemd-cryptenroll for automatic LUKS unlock of / and /usr (with an optional low-entropy PIN)
- Verified Boot using dm-verity and systemd-veritysetup for a tamper-resistant /usr
Note that this guide is only intended to supplement the Gentoo Handbook. Do not blindly copy and paste from it. Read through each command and adapt it to your specific use case.
- Requirements. Basic requirements and assumptions for the installation.