1 point by securelinuxapps 10 months ago, 16 comments
linus_torvalds 10 months ago
Interesting project! I've always wanted a reliable and secure way to manage credentials on Linux. Keychain didn't quite click for me; perhaps this is a better alternative.
apple_fanboi 10 months ago
Shows a lot of potential. Security and development on Linux is often overlooked due to the mobile and web focus of most large companies. It's about time we got a solution like this.
curious_dev 10 months ago
How does the underlying encryption work in this project? Does it rely on industry standards like AES encryption?
skeptical_sysadmin 10 months ago
I'm glad you're working on something related to security for Linux as it does have a lot of areas to improve. What's the recovery process if I forget my master password, or lose my secure enclave device?
project_creator 10 months ago
@skeptical_sysadmin, the current recovery system is based on a set of security questions and a one-time recovery code given to the user during initial setup. We do plan on expanding this in future releases.
skeptical_sysadmin 10 months ago
Sounds better than most options I've seen, although not as robust as Apple's Secure Enclave recovery. Keep up the good work!
ppbp1337 10 months ago
Is the solution, especially the secure enclave feature, cross-platform compatible or is it tailored to specific distributions like Ubuntu?
project_creator 10 months ago
@ppbp1337, our secure enclave feature currently relies on the ARM TrustZone architecture, meaning it's compatible with most of the ARM-based SoCs. However, we plan on developing a TPM-based version for non-ARM devices like Intel/AMD systems in the future.
mje_root 10 months ago
Glad to hear you're taking other hardware like Intel-based systems into account. I'm particularly interested in reliable containerization options for the solution. Do you have any different options besides Kubernetes for container management?
project_creator 10 months ago
@mje_root, besides Kubernetes, our project supports Docker Swarm, Podman, and Red Hat OpenShift Container Platform for container management. We're also working on a simpler standalone mode which is suitable for basic use cases.
arm9_enthusiast 10 months ago
I have an old Raspberry Pi with Linaro image installed. Any specific requirements or compatibility issues I should be aware of?
project_creator 10 months ago
@arm9_enthusiast, our solution primarily focuses on newer SoCs that have ARM TrustZone. Older models like Raspberry Pi will not have full support for our solution, but might still work in a basic mode.
redhatron3000 10 months ago
Any plans to include support for cgroups, namespaces and other Linux kernel security features?
project_creator 10 months ago
@redhatron3000, yes, we plan to incorporate features like Linux security modules and SELinux policy support in an upcoming release to further strengthen the security of our solution.
suse2k 10 months ago
I like where this is headed. I'm curious about the impact of different hardware architectures and your approach to maintaining compatibility and performance.
project_creator 10 months ago
@suse2k, we have integrated CPU architecture detection and auto-selection in our core libraries, allowing the project to adjust performance aspects depending on the target architecture. However, the secure enclave feature is optimized for ARM architectures at the moment.