first of all, hi everyone :3
just a very quick paragraph to show that (1) i know what i’m talking about (2) what level of technical detail you can use with me [saying this preemptively since bad-faith comments are how the internet works these days]
i’ve used many different linux flavors in my life. ubuntu, arch, gentoo, and everything in-between. i’ve been in anxiety-fueled paranoid arcs, where i had my KeePassXC passwords database files protected with at least 3 layers of encryption + security key and split-secrets. totally inconvenient, and hardly any better* than just KeePassXC’s password
*given my current, more realistic threat model [i started taking anti-anxiety meds :D]
so, after i decided to try to install linux on my oldie MacBookPro 2018, with the T2 security chip, I got really curious about hardware security. as well as projects like GrapheneOS that utilize Google Pixel’s hardware security elements.
i don’t really have a real-world use case, at least not for myself, of hardened hardware security, but this stuff is just so fun to learn about that I can’t help but wonder – are there any laptop manufacturers that (1) have [advanced] hardware security elements (2) actually allow you to utilize them in some kind of linux flavor?
some things I’d consider hardware security elements:
- secure boot
- an ability to make system partition read-only and verifiable on boot
- storage of encryption keys separately from other memory
  - including for tasks such as full-disk encryption
- memory protection/tagging
and more
any links/sources to learn more about it are highly appreciated :3
P.S. It’s also sad that, for example, on linux, there isn’t really a way to allow apps to access only their secrets stored in a keyring, and nothing else.
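A practical starting point for the list above is to check what your current laptop already exposes to Linux. The script below is an added example and not part of the original post; it reads the SecureBoot EFI variable (decoding the 4-byte attribute header efivarfs prepends), looks for a TPM device node, checks whether the root filesystem is mounted read-only, and reports the kernel lockdown mode. All paths are parameters with the real defaults, and a UEFI-booted Linux with efivarfs mounted is assumed.

```python
# Added example, not from the original post: audit the protections the post lists.
# Paths are parameters so checks run against constructed input; defaults are the
# real kernel/firmware interfaces (assumed: UEFI Linux, efivarfs mounted).
import glob
import os
SB_VAR_GLOB = "/sys/firmware/efi/efivars/SecureBoot-*"
def secure_boot_from_efivar(raw: bytes):
    """efivarfs prepends a 4-byte attribute header; the flag is the 5th byte.
    Returns True/False, or None if the blob is too short to contain it."""
    if len(raw) < 5:
        return None
    return raw[4] == 1

def secure_boot_enabled(pattern=SB_VAR_GLOB):
    matches = glob.glob(pattern)
    if not matches:
        return None  # legacy BIOS boot, or efivarfs not mounted
    with open(matches[0], "rb") as f:
        return secure_boot_from_efivar(f.read())

def root_is_readonly(mounts_text: str) -> bool:
    """Parse /proc/mounts text; True if '/' carries the 'ro' mount option."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/":
            return "ro" in fields[3].split(",")
    return False

def lockdown_mode(text: str) -> str:
    """Parse /sys/kernel/security/lockdown ('none [integrity] confidentiality')."""
    for tok in text.split():
        if tok.startswith("[") and tok.endswith("]"):
            return tok[1:-1]
    return "unknown"

def audit(mounts_path="/proc/mounts", lockdown_path="/sys/kernel/security/lockdown",
          tpm_node="/dev/tpm0", sb_pattern=SB_VAR_GLOB) -> dict:
    def read(path):
        try:
            with open(path) as f:
                return f.read()
        except OSError:
            return ""
    return {
        "secure_boot": secure_boot_enabled(sb_pattern),
        "tpm_present": os.path.exists(tpm_node),  # key storage outside main RAM
        "root_readonly": root_is_readonly(read(mounts_path)),
        "lockdown": lockdown_mode(read(lockdown_path)),
    }
```

Run `audit()` as root on the laptop in question; a `None` for secure boot means the firmware variable was not visible at all, which is itself a finding (legacy boot or efivarfs not mounted).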