0e769e1426
Merge pull request #44 from Tachi107/patch-1
...
protecting-code-integrity: fix typo in subtitle
2022-07-26 13:54:44 -04:00
1e6e85aebb
protecting-code-integrity: fix typo in subtitle
...
cerification -> certification
Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
2022-07-26 19:32:41 +02:00
e536c34df0
Merge branch 'master' of https://github.com/mricon/itpol into mricon-master
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 15:12:38 -04:00
bc0503d8bf
Update the code integrity guide for 2021
...
- Remove traces of gnupg-1.4, as everything is finally gnupg-2.x
- Switch to using ECC cryptography for the subkeys
- Stop calling the certification subkey the "master key" as it's a
bad analogy and that terminology isn't used anywhere in GnuPG docs
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 12:41:52 -04:00
f879c68248
Add a table of contents to each guide
...
Signed-off-by: salah3x <salah.loukili@gmail.com>
2021-05-13 10:33:07 -04:00
19b027f63a
Fix Broken links to Announcement
...
The hosting space for the initial blog post announcing this work was
moved, and a redirect put in place. That redirect appears to have
stopped, or the article moved again. Either way, this appears to be the
canonical location of the article.
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2021-05-13 10:32:37 -04:00
4ca8b99e0b
Update protecting-code-integrity.md
...
Reset code is not for resetting the card to defaults. It is used to unblock the card after to many attempts to enter a user PIN code without an admin PIN.
From the developer:
http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
2021-05-13 10:32:37 -04:00
6ff6fdad73
Use -o instead of stdout redirect with paperkey
...
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 10:32:33 -04:00
31afef433d
Remove kernel-developer-pgp-guide
...
This document is now part of the official kernel documentation found
here:
https://www.kernel.org/doc/html/latest/process/maintainer-pgp-guide.html
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 10:27:24 -04:00
6c293acc00
Merge pull request #34 from salah3x/master
...
Add a table of contents to each guide
2020-05-11 09:13:28 -07:00
11ed0bf162
Add a table of contents to each guide
...
Signed-off-by: salah3x <salah.loukili@gmail.com>
2020-05-10 07:14:30 +00:00
d6737c777e
Merge pull request #30 from bramwelt/master
...
Fix Broken links to Announcement
2019-04-16 09:19:05 -07:00
180a2fd99f
Fix Broken links to Announcement
...
The hosting space for the initial blog post announcing this work was
moved, and a redirect put in place. That redirect appears to have
stopped, or the article moved again. Either way, this appears to be the
canonical location of the article.
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2019-04-15 11:37:35 -07:00
ff92fae080
Merge pull request #29 from sanmai/patch-1
...
Remove reset code instructions (erroneous info)
2019-04-08 13:03:31 -04:00
6e27a0f9ae
Update protecting-code-integrity.md
...
Reset code is not for resetting the card to defaults. It is used to unblock the card after to many attempts to enter a user PIN code without an admin PIN.
From the developer:
http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
2019-04-08 16:49:49 +09:00
51026930ef
Use -o instead of stdout redirect with paperkey
...
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-31 20:40:03 -05:00
51be7788df
Minor wording tweaks
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-26 11:59:28 -05:00
2158dc39b2
Rework free software/audience paragraph
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 16:50:44 -05:00
a4924d87b5
ECC support is in GnuPG 2.1+, not v2 in general
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 16:23:43 -05:00
319a4729a3
Wording on the kernel guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 12:04:31 -05:00
6747fadc24
Finish up the kernel developer PGP guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 11:54:52 -05:00
7b5b243a37
Almost done on the kernel guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-24 17:23:23 -05:00
85ae656965
Start work on kernel-specific guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 16:13:43 -05:00
9ebcdf3b75
Minor tweaks and take out of BETA
...
Protecting code integrity is ready to go production.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 10:50:52 -05:00
1d3b58d17a
Tweak some wording
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:41:38 -05:00
7c7477f20c
What is git PGP integration trying to solve?
...
Per question in #28 , explain why git and pgp integration are useful.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:32:31 -05:00
126e4f0b5d
Add a note that cp on sockets will fail, but is ok
...
Per issue #25 .
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:32:17 -05:00
8a9d547d3e
Explain why master key is 4096 bits
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:28:38 -05:00
d859f24c82
Merge pull request #26 from henrich/master
...
Add GPG4Win installation for Windows Platform
2017-12-18 08:15:17 -05:00
f302bf3478
Add GPG4Win installation for Windows Platform
2017-12-17 13:22:56 +09:00
e836303976
Merge pull request #24 from ftheile/patch-1
...
Use `--homedir` consistently
2017-12-15 13:53:54 -05:00
1c36837f07
Use `--homedir` consistently
2017-12-15 18:16:41 +01:00
304cd46a38
Merge pull request #23 from ftheile/patch-2
...
Master key backup: use consistent mount point in all examples
2017-12-15 09:20:28 -05:00
eaf82430cd
Merge pull request #22 from ftheile/patch-1
...
Always use `~` instead of `$HOME` for consistency
2017-12-15 09:20:01 -05:00
3162817e7c
Master key backup: use consistent mount point in all examples
2017-12-15 08:53:25 +01:00
6c208d9583
Always use `~` instead of `$HOME` for consistency
2017-12-15 08:15:11 +01:00
790759787e
Typo and wording fixes
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 15:08:16 -05:00
e44163234d
Add TRANSLATIONS file
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 14:28:01 -05:00
1501d8869d
Set status CURRENT/BETA/OUTDATED
...
Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:44:35 -05:00
eafaf6ccc1
Tweak verbiage
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:37:41 -05:00
501e4ceb88
Remove the zh_CN translation
...
It's obsolete and I have decided not to track these in the same repo.
Please publish your own forks with translated documents and I will
create a translations.md file with links.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:18:09 -05:00
3148a35dda
Add U2F section and tweak wks-security doc
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:16:44 -05:00
34233e9d81
Move to protecting-coide-integrity
...
Largely finishes the document -- will work on updated content in
"trusted team communication" and by reviewing the workstation security
guide.
We need at least a basic workstation security guide for the Mac systems.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-12 16:54:03 -05:00
9d61a13f1c
Edits and a privacy note for keyservers
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-11 14:07:21 -05:00
f35667dddc
Add large chunk of git+pgp content
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-08 17:18:53 -05:00
62815ea38e
Largely finish the PGP/smartcard section
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-07 15:53:50 -05:00
a93d12f80a
Add more GnuPG bits
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-06 17:07:14 -05:00
c51f664e8e
More base PGP work
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-05 16:37:05 -05:00
526b138907
Start on Developer Security Hygiene
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-04 16:46:02 -05:00
b5b0034191
Remove GrSecurity/PAX and trim down SELinux
...
Now that GrSecurity/PaX are no longer available for free download, it is
almost impossible to get it without paying significant amounts of money.
Remove them from the recommendation, but mention that it remains a
viable option for anyone who has a subscription.
Additionally, trim down the SELinux section to remove the detailed
instructions on audit2allow and staff_u. Such details are probably
best suited for a dedicated document.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-11-15 15:47:42 -05:00
Konstantin Ryabitsev
Andrea Pappacoda
salah3x
Trevor Bramwell
Alexey Kopytko
Andrew Grimberg
Andrew Grimberg
Konstantin Ryabitsev
Hideki Yamane
Frank Theile