![Heads boot ROM motd](https://farm9.staticflickr.com/8638/28577284936_c91100d1f7_z_d.jpg)

Heads: the other side of TAILS
===

Heads is a configuration for laptops that tries to bring more security
to commodity hardware. Among its goals are:

* Use free software on the boot path
* Move the root of trust into hardware (or at least the ROM bootblock)
* Measure and attest to the state of the firmware
* Measure and verify all filesystems

![Flashing Heads into the boot ROM](https://farm9.staticflickr.com/8887/28070128343_b6e942fa60_z_d.jpg)

NOTE: It is a work in progress and not yet ready for users.
If you're interested in contributing, please get in touch.
Installation requires disassembly of your laptop or server,
external SPI flash programmers, possible risk of destruction and
significant frustration.

---

Components:

* coreboot
* Linux
* busybox
* kexec
* tpmtotp
* QubesOS (Xen)

---

Notes:

* Building coreboot's cross compilers can take a while.
* Currently only tested in QEMU and on a ThinkPad X230.
* Booting Qubes requires patching Xen's real mode startup code;
  see `patches/xen-4.6.3.patch` and add `no-real-mode` to the start
  of the Xen command line.