ANISH M
7cf9c97e3c
Merge 69451f0aab
into 0e769e1426
2022-07-27 12:27:55 +02:00
Konstantin Ryabitsev
0e769e1426
Merge pull request #44 from Tachi107/patch-1
...
protecting-code-integrity: fix typo in subtitle
2022-07-26 13:54:44 -04:00
Andrea Pappacoda
1e6e85aebb
protecting-code-integrity: fix typo in subtitle
...
cerification -> certification
Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
2022-07-26 19:32:41 +02:00
ANISH M
69451f0aab
Update AppArmor status of Debian
...
Debian has Apparmor Mandatory Access Control enabled by default since Debian 10 buster release.
2021-07-20 21:16:57 +05:30
Konstantin Ryabitsev
e536c34df0
Merge branch 'master' of https://github.com/mricon/itpol into mricon-master
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 15:12:38 -04:00
Konstantin Ryabitsev
bc0503d8bf
Update the code integrity guide for 2021
...
- Remove traces of gnupg-1.4, as everything is finally gnupg-2.x
- Switch to using ECC cryptography for the subkeys
- Stop calling the certification subkey the "master key" as it's a
bad analogy and that terminology isn't used anywhere in GnuPG docs
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 12:41:52 -04:00
salah3x
f879c68248
Add a table of contents to each guide
...
Signed-off-by: salah3x <salah.loukili@gmail.com>
2021-05-13 10:33:07 -04:00
Trevor Bramwell
19b027f63a
Fix Broken links to Announcement
...
The hosting space for the initial blog post announcing this work was
moved, and a redirect put in place. That redirect appears to have
stopped, or the article moved again. Either way, this appears to be the
canonical location of the article.
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2021-05-13 10:32:37 -04:00
Alexey Kopytko
4ca8b99e0b
Update protecting-code-integrity.md
...
Reset code is not for resetting the card to defaults. It is used to unblock the card after to many attempts to enter a user PIN code without an admin PIN.
From the developer:
http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
2021-05-13 10:32:37 -04:00
Konstantin Ryabitsev
6ff6fdad73
Use -o instead of stdout redirect with paperkey
...
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 10:32:33 -04:00
Konstantin Ryabitsev
31afef433d
Remove kernel-developer-pgp-guide
...
This document is now part of the official kernel documentation found
here:
https://www.kernel.org/doc/html/latest/process/maintainer-pgp-guide.html
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2021-05-13 10:27:24 -04:00
Andrew Grimberg
6c293acc00
Merge pull request #34 from salah3x/master
...
Add a table of contents to each guide
2020-05-11 09:13:28 -07:00
salah3x
11ed0bf162
Add a table of contents to each guide
...
Signed-off-by: salah3x <salah.loukili@gmail.com>
2020-05-10 07:14:30 +00:00
Andrew Grimberg
d6737c777e
Merge pull request #30 from bramwelt/master
...
Fix Broken links to Announcement
2019-04-16 09:19:05 -07:00
Trevor Bramwell
180a2fd99f
Fix Broken links to Announcement
...
The hosting space for the initial blog post announcing this work was
moved, and a redirect put in place. That redirect appears to have
stopped, or the article moved again. Either way, this appears to be the
canonical location of the article.
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2019-04-15 11:37:35 -07:00
Konstantin Ryabitsev
ff92fae080
Merge pull request #29 from sanmai/patch-1
...
Remove reset code instructions (erroneous info)
2019-04-08 13:03:31 -04:00
Alexey Kopytko
6e27a0f9ae
Update protecting-code-integrity.md
...
Reset code is not for resetting the card to defaults. It is used to unblock the card after to many attempts to enter a user PIN code without an admin PIN.
From the developer:
http://www.fsij.org/doc-gnuk/gnuk-passphrase-setting.html#set-up-of-reset-code-optional
2019-04-08 16:49:49 +09:00
Konstantin Ryabitsev
51026930ef
Use -o instead of stdout redirect with paperkey
...
Using -o makes sure that the file is created with 0600 permissions
instead of whatever the default umask setting is.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-31 20:40:03 -05:00
Konstantin Ryabitsev
51be7788df
Minor wording tweaks
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-26 11:59:28 -05:00
Konstantin Ryabitsev
2158dc39b2
Rework free software/audience paragraph
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 16:50:44 -05:00
Konstantin Ryabitsev
a4924d87b5
ECC support is in GnuPG 2.1+, not v2 in general
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 16:23:43 -05:00
Konstantin Ryabitsev
319a4729a3
Wording on the kernel guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 12:04:31 -05:00
Konstantin Ryabitsev
6747fadc24
Finish up the kernel developer PGP guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-25 11:54:52 -05:00
Konstantin Ryabitsev
7b5b243a37
Almost done on the kernel guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-24 17:23:23 -05:00
Konstantin Ryabitsev
85ae656965
Start work on kernel-specific guide
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 16:13:43 -05:00
Konstantin Ryabitsev
9ebcdf3b75
Minor tweaks and take out of BETA
...
Protecting code integrity is ready to go production.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-23 10:50:52 -05:00
Konstantin Ryabitsev
1d3b58d17a
Tweak some wording
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:41:38 -05:00
Konstantin Ryabitsev
7c7477f20c
What is git PGP integration trying to solve?
...
Per question in #28 , explain why git and pgp integration are useful.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2018-01-18 16:32:31 -05:00
Konstantin Ryabitsev
126e4f0b5d
Add a note that cp on sockets will fail, but is ok
...
Per issue #25 .
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:32:17 -05:00
Konstantin Ryabitsev
8a9d547d3e
Explain why master key is 4096 bits
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-18 08:28:38 -05:00
Konstantin Ryabitsev
d859f24c82
Merge pull request #26 from henrich/master
...
Add GPG4Win installation for Windows Platform
2017-12-18 08:15:17 -05:00
Hideki Yamane
f302bf3478
Add GPG4Win installation for Windows Platform
2017-12-17 13:22:56 +09:00
Konstantin Ryabitsev
e836303976
Merge pull request #24 from ftheile/patch-1
...
Use `--homedir` consistently
2017-12-15 13:53:54 -05:00
Frank Theile
1c36837f07
Use --homedir
consistently
2017-12-15 18:16:41 +01:00
Konstantin Ryabitsev
304cd46a38
Merge pull request #23 from ftheile/patch-2
...
Master key backup: use consistent mount point in all examples
2017-12-15 09:20:28 -05:00
Konstantin Ryabitsev
eaf82430cd
Merge pull request #22 from ftheile/patch-1
...
Always use `~` instead of `$HOME` for consistency
2017-12-15 09:20:01 -05:00
Frank Theile
3162817e7c
Master key backup: use consistent mount point in all examples
2017-12-15 08:53:25 +01:00
Frank Theile
6c208d9583
Always use ~
instead of $HOME
for consistency
2017-12-15 08:15:11 +01:00
Konstantin Ryabitsev
790759787e
Typo and wording fixes
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 15:08:16 -05:00
Konstantin Ryabitsev
e44163234d
Add TRANSLATIONS file
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-14 14:28:01 -05:00
Konstantin Ryabitsev
1501d8869d
Set status CURRENT/BETA/OUTDATED
...
Need to mark that the protecting-code-integrity document is not quite
ready to be called final product.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:44:35 -05:00
Konstantin Ryabitsev
eafaf6ccc1
Tweak verbiage
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:37:41 -05:00
Konstantin Ryabitsev
501e4ceb88
Remove the zh_CN translation
...
It's obsolete and I have decided not to track these in the same repo.
Please publish your own forks with translated documents and I will
create a translations.md file with links.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:18:09 -05:00
Konstantin Ryabitsev
3148a35dda
Add U2F section and tweak wks-security doc
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-13 16:16:44 -05:00
Konstantin Ryabitsev
34233e9d81
Move to protecting-coide-integrity
...
Largely finishes the document -- will work on updated content in
"trusted team communication" and by reviewing the workstation security
guide.
We need at least a basic workstation security guide for the Mac systems.
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-12 16:54:03 -05:00
Konstantin Ryabitsev
9d61a13f1c
Edits and a privacy note for keyservers
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-11 14:07:21 -05:00
Konstantin Ryabitsev
f35667dddc
Add large chunk of git+pgp content
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-08 17:18:53 -05:00
Konstantin Ryabitsev
62815ea38e
Largely finish the PGP/smartcard section
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-07 15:53:50 -05:00
Konstantin Ryabitsev
a93d12f80a
Add more GnuPG bits
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-06 17:07:14 -05:00
Konstantin Ryabitsev
c51f664e8e
More base PGP work
...
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
2017-12-05 16:37:05 -05:00