Skip to content

Instantly share code, notes, and snippets.

View utzig's full-sized avatar

Fabio Utzig utzig

200 followers · 293 following
  • Brazil
View GitHub Profile
@utzig
utzig / Arch Install Guide 2025 - PART 1 - Secure Boot and Encrypted Device.md
Created February 6, 2026 20:36 — forked from mark-akturatech/Arch Install Guide 2025 - PART 1 - Secure Boot and Encrypted Device.md
Arch Install Guide 2025 - PART 1 - Secure Boot and Encrypted Device

Arch Install Guide 2025 - PART 1

Secure Boot and Encrypted Device

Precursor

This guide will install Arch Linux on a Secure Boot enabled drive using block level at-rest LUKS encryption with passwordless unlocking using TPM. TPM will issue an passkey if and only if Secure Boot is enabled and the system firmware has not been altered. We will also be creating a unified kernel image so that we can boot Linux directly in the EFI partition without requiring a boot loader.

We will also be creating a backup key to enable booting of the drive in case of BIOS upgrade or other event that may make TPM not serve the key. The code should obviously be stored securely elsewhere off system.

@utzig
utzig / arch_linux_installation_guide.md
Created December 20, 2024 23:21 — forked from mjkstra/arch_linux_installation_guide.md
A modern, updated installation guide for Arch Linux with BTRFS on an UEFI system
@utzig
utzig / flash_map.c
Created July 2, 2020 12:16 — forked from aport/flash_map.c
MCUBoot flash_map layer for ChibiOS
#include <hal.h>
#include <flash_map_backend/flash_map_backend.h>
#include <bootconf.h>
/* License this file however you want, feel free to do anything */
/*
* This depends on a file bootconf.h which contains the following information:
@utzig
utzig / infosec_newbie.md
Created May 30, 2020 14:43 — forked from mubix/infosec_newbie.md
How to start in Infosec
@utzig
utzig / gist:1daf05bc449255ebd68d19aad8c03be6
Created November 29, 2019 15:21 — forked from rxaviers/gist:7360908
Complete list of github markdown emoji markup

People

:bowtie: :bowtie: πŸ˜„ :smile: πŸ˜† :laughing:
😊 :blush: πŸ˜ƒ :smiley: ☺️ :relaxed:
😏 :smirk: 😍 :heart_eyes: 😘 :kissing_heart:
😚 :kissing_closed_eyes: 😳 :flushed: 😌 :relieved:
πŸ˜† :satisfied: 😁 :grin: πŸ˜‰ :wink:
😜 :stuck_out_tongue_winking_eye: 😝 :stuck_out_tongue_closed_eyes: πŸ˜€ :grinning:
πŸ˜— :kissing: πŸ˜™ :kissing_smiling_eyes: πŸ˜› :stuck_out_tongue:
@utzig
utzig / arch-linux-install
Created July 17, 2017 13:54 — forked from mattiaslundberg/arch-linux-install
Minimal instructions for installing arch linux on an UEFI system with full system encryption using dm-crypt and luks
# Install ARCH Linux with encrypted file-system and UEFI
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description.
# Download the archiso image from https://www.archlinux.org/
# Copy to a usb-drive
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration.
# Set swedish keymap