Sorry for late reply,

This sounds like just what I was hoping to learn about

To give some context, I am currently trying to learn how to make reproducible OS builds using mkosi

One of the big advantages of the tool is that is helps get closer to the points outlined in Fitting Everything together by Pottering in which he outlines some key goals including:
- increasing usage of the TPM to increase security
- self-signing keys so we can have operating systems that are both immutable AND hackable (no more corporate signed keys!)
- ensuring the validity of the entire stack by using secure boot, encrypted home drives, and sandboxing for user applications to make a more secure environment

All of this is with the goal of running particleos eventually but i would settle for just a custom-rolled arch distro that I upgrade in A/B fashion. But one of the fundamental assumptions of all of this is that im self-signing keys and using them for everything from secure-boot, to my home drive if necessary but I have held off from learning these security topics until now!

On Thu, Apr 10, 2025 at 10:54 PM Michael Paoli via BALUG-Talk <balug-talk@lists.balug.org> wrote:



---------- Forwarded message ----------
From: Michael Paoli <michael.paoli@berkeley.edu>
To: BALUG-Talk <balug-talk@lists.balug.org>
Cc: Darrion Burgess <dargondab9@gmail.com>
Bcc: 
Date: Thu, 10 Apr 2025 22:52:53 -0700
Subject: [BALUG-Talk] Discussion topic(s) for Tuesday's meeting? :-)
Thanks all, yes meeting last month was excellent, thanks for making it
so!

So, I was thinking, topic(s) (not that we need be limited to such) for
meeting this month (soon - Tuesday!) ... and following a bit from last
month's meeting, perhaps something along the lines:
Linux encryption and security hardware.
So, perhaps around LUKS, TPM chip, YubiKey, FIDO2, etc.
More-or-less extension of fair bit that was discussed at last meeting.
And, not too horribly redundant with presentations/talks/topics that
have been done at BALUG before (e.g. done LUKS presentation before,
have at least had security as topic, but don't think we've (much)
covered TPM chip, YubiKey, FIDO2, etc. before, so was thinking to mix it
up and expand it a bit more.
Also, did we have some other question(s)/topic(s) from last meeting that
we didn't quite get around to covering?

Feel free to let me know your thoughts, and I'll put together at
least something regarding (at least leading, but by no means limited to)
topics for the meeting, and will get that then updated on the web site,
and also use that for items sent to the Announce list before the
meeting.  Anyway, I'm hoping/aiming to get that done and at least
initial bits out in the next couple days or so



---------- Forwarded message ----------
From: Michael Paoli via BALUG-Talk <balug-talk@lists.balug.org>
To: BALUG-Talk <balug-talk@lists.balug.org>
Cc: Darrion Burgess <dargondab9@gmail.com>
Bcc: 
Date: Thu, 10 Apr 2025 22:52:53 -0700
Subject: [BALUG-Talk] Discussion topic(s) for Tuesday's meeting? :-)
_______________________________________________
list: BALUG-Talk@lists.balug.org help: https://lists.balug.org/help/
unsubscribe email: balug-talk-unsubscribe@lists.balug.org