mortar | Framework to join Linux's physical security bricks

by noahbliss | Shell | Version: Current | License: GPL-3.0

kandi X-RAY | mortar Summary

mortar is a Shell library typically used in Embedded System applications. mortar has no bugs, it has no vulnerabilities, it has a Strong Copyleft License and it has low support. You can download it from GitHub.

TL;DR: virtually all Linux distributions are critically vulnerable to physical bootloader attacks and potential disk key interception. Mortar fixes that.

Mortar is an attempt to take the headache and fragmented processes out of joining Secureboot, TPM keys, and LUKS. Through the "Mortar Model" everything on disk that is used is either encrypted, signed, or hashed. The only location cleartext secrets are stored is in the TPM module, which is purpose-built to protect these keys against physical and virtual theft. The TPM is used to effectively whitelist certain boot states and Mortar configures it to only release the key when an untampered system is observed. Since this validation and unlocking process is completely automated, intact systems fully restart without human interaction. This makes full-disk encryption dramatically more convenient for end-users and finally viable on servers.

Mortar aims to support both TPM 1.2 (via its own implementation) and TPM 2 (via clevis). LUKS1 and LUKS2 are both supported. Mortar is modular and designed to be distribution agnostic, but Debian receives the most love.

Security note with TPM2: Clevis allows anyone with root access to fetch sufficient private data to unlock the drive. Protect the root account. With TPM1.2 Mortar leverages READ_STCLEAR to make this more difficult (thanks morbitzer). I'm investigating a way to make tpm2 work without clevis down the road.

Note on updates: Unless there is a security issue that is remediated by a newer version of this framework, I highly advise that you not upgrade unless you are experiencing issues. If your system works, unlocks, and survives kernel and initramfs upgrades, leave it. The majority of changes here are for new supported distros, development scalability, and streamlining of data ingestion that may be incompatible with the version of mortar you are using. If you've freshly installed, by all means pull the latest version and use it. If you're sitting pretty, stay put. <3.


            Support

              mortar has a low active ecosystem.
              It has 175 star(s) with 11 fork(s). There are 6 watchers for this library.
              It had no major release in the last 6 months.
              There are 5 open issues and 9 have been closed. On average issues are closed in 69 days. There are 3 open pull requests and 0 closed requests.
              It has a neutral sentiment in the developer community.
              The latest version of mortar is current.

            Quality

              mortar has 0 bugs and 0 code smells.

            Security

              mortar has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
              mortar code analysis shows 0 unresolved vulnerabilities.
              There are 0 security hotspots that need review.

            License

              mortar is licensed under the GPL-3.0 License. This license is Strong Copyleft.
              Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

            Reuse

              mortar releases are not available. You will need to build from source code and install.
              Installation instructions, examples and code snippets are available.

            Vulnerabilities

            No vulnerabilities reported

            Install mortar

            I used the netboot install method and let it configure most things for me. I selected the encrypted lvm on luks option and accepted all the default configurations. This gave me:

            Partition1: ESP 512MB
            Partition2: /boot 256MB
            Partition3: Encrypted LUKS (remainder of disk)
              --> LVM /root (remainder -swap)
              --> LVM swap (up to 8GB)

            As I mentioned earlier, we should not be using an unencrypted /boot when we're done. For your reference, this defaulted to xts-aes512. I'd recommend either using xts-aes512 (security-leaning sweet spot) or xts-aes256 (performance-leaning sweet spot) but that's up to you. You can test your expected performance of each with: cryptsetup benchmark.

            Do this as root in a directory only root can access. (I typically use /root/git at this stage.) Install git and git clone this project. DON'T FORGET TO INSTALL THE TPM-VERSION-SPECIFIC PACKAGES THAT ARE ECHOED AT THE END. At this point you should have your /etc/mortar/mortar.env file generated and installed. Change any values that you'd like. /usr/local/sbin/mortar-compilesigninstall should also be installed.
            Measure TPM PCR values and store for later comparison.
            TPM2: tpm2_pcrlist. Look at PCRs 7 and 1 especially.
            Put your BIOS's Secure Boot setting into "Audit" mode if possible, then reboot into your OS and run ./2-. If it does not have an audit mode, you will need to manually install your Secure Boot keys. They are located in /etc/mortar/private/*.crt; you may need to convert them to DER format first.
            Enroll any hashes that need to be enrolled (especially if booting from a raid-controller-hosted disk, system may not boot without this. NVIDIA proprietary graphics may also cause issues.).
            Put a password on the BIOS.
            Boot the system with secureboot on (and pray).
            Measure PCR values now that secureboot is set up. (PCR7 may be the same depending on if you enrolled additional hashes or not, PCR1 should have changed since BIOS settings were modified.)
            Optional steps: Regenerate the signed EFI. This will move the first one to .old. Reboot, and reread the PCR values. This will let you see what stays the same when booting different EFI files that are both validly signed.
            Make sure you've set a BIOS password and made any necessary settings changes to your BIOS before the next step.
            Run the luks script for the TPM version being used. ./3-
            Update initramfs. (done by the script)
            Regenerate EFI.
            Reboot and pray.
            If it all works, then you just booted to a login prompt with the disk being automatically unlocked.
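
The steps above ask you to record PCR values before and after enabling Secure Boot and compare them. The following shell sketch is an added example, not part of mortar or its README; it diffs two saved listings, and the listing layout, the function names and the shortened digests are constructed assumptions.

```shell
#!/bin/sh
# Added example: report which PCRs differ between two saved PCR listings.
# Assumed layout: a "bank:" header line, then "  N : HEX" lines (tpm2_pcrlist
# style); an optional 0x prefix and upper-case hex are normalized away.

# pcr_normalize FILE -> one "bank:index value" line per PCR.
pcr_normalize() {
    awk '
        /^[ \t]*[A-Za-z0-9]+[ \t]*:[ \t]*$/ {      # bank header, e.g. "sha256 :"
            bank = $0; gsub(/[ \t:]/, "", bank); next
        }
        /^[ \t]*[0-9]+[ \t]*:/ {                   # PCR line, e.g. "  7 : ABCD"
            split($0, f, ":")
            idx = f[1]; val = tolower(f[2])
            gsub(/[ \t]/, "", idx); gsub(/[ \t]/, "", val)
            sub(/^0x/, "", val)
            print bank ":" idx " " val
        }
    ' "$1"
}

# pcr_changed BEFORE AFTER -> "bank:index" for each PCR that differs
# or is present in only one of the two listings.
pcr_changed() {
    a=$(mktemp); b=$(mktemp)
    pcr_normalize "$1" | sort > "$a"
    pcr_normalize "$2" | sort > "$b"
    comm -3 "$a" "$b" | awk '{ print $1 }' | sort -u
    rm -f "$a" "$b"
}

# Constructed sample listings (shortened, made-up digests): PCR 1 changes
# after the firmware settings are modified, PCR 0 and PCR 7 stay the same.
make_sample_listings() {
    cat > "$1/before.txt" <<'EOF'
sha256 :
  0  : 1111111111111111
  1  : 2222222222222222
  7  : 7777777777777777
EOF
    cat > "$1/after.txt" <<'EOF'
sha256:
  0 : 0x1111111111111111
  1 : 0x2222AAAA2222AAAA
  7 : 0x7777777777777777
EOF
}

tmp=$(mktemp -d)
make_sample_listings "$tmp"
echo "PCRs that changed between the two listings:"
pcr_changed "$tmp/before.txt" "$tmp/after.txt"
rm -rf "$tmp"
```

On a real system, save the output of tpm2_pcrlist to a root-only file at each measurement step and pass the two files to pcr_changed.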

            Support

            If the EFI fails to boot, but external media still works: Make sure you enroll the hashes of your RAID cards and other media. The Dell BIOS on the R730 I tested with had a convenient way of doing this in the secureboot>custom>db>enrollment section of the BIOS. Authorizing hashes this way SHOULD (did on my system, make sure yours does!) change your PCR7 value, so check that and rebind your TPM state using the luks script if you make this change.

            TPM 1.2 errors accessing the index during boot: If using TPM 1.2, do not use "troublesome" characters in the Owner Password that would potentially cause errors when stored in a variable. Examples would include "/$()*| " and such. Please DO make the passwords complex though. By re-running the luks script, you can opt to "own" the TPM device and change this password.
            CLONE
          • HTTPS

            https://github.com/noahbliss/mortar.git

          • CLI

            gh repo clone noahbliss/mortar

          • sshUrl

            git@github.com:noahbliss/mortar.git
