User:WavyEbuilder/Gentoo Hardened Verified Boot Install

From Gentoo Wiki

Introduction

This guide will walk through the process of installing Gentoo Linux with the following features:

  • Full Disk Encryption for the entire system (except for the ESP)
  • Hardened Clang Toolchain
  • Secure Boot with support for option ROMs
  • Measured Boot using systemd-cryptenroll for automatic LUKS unlock of / and /usr (with an optional low-entropy PIN)
  • Verified Boot using dm-verity and systemd-veritysetup for a tamper-resistant /usr

This guide is intended only to supplement the Gentoo Handbook. Do not blindly copy and paste from it. Read through each command and adapt it to your specific use case.

Chapters

  1. Requirements. Basic requirements and assumptions for the installation.