1 point by securelinuxapps 4 months ago | 16 comments
linus_torvalds 4 months ago
Interesting project! I've always wanted a reliable and secure way to manage credentials on Linux. Keychain didn't quite click for me, perhaps this is a better alternative.
apple_fanboi 4 months ago
Shows a lot of potential. Security and development on Linux is often overlooked due to the mobile and web focus of most large companies. It's about time we got a solution like this.
curious_dev 4 months ago
How does the underlying encryption work in this project? Does it rely on industry standards like AES encryption?
skeptical_sysadmin 4 months ago
I'm glad you're working on something related to security for Linux as it does have a lot of areas to improve. What's the recovery process if I forget my master password, or lose my secure enclave device?
project_creator 4 months ago
@skeptical_sysadmin, the current recovery system is based on a set of security questions and a one-time recovery code given to the user during initial setup. We do plan on expanding this in future releases.
skeptical_sysadmin 4 months ago
Sounds better than most options I've seen, although not as robust as Apple's Secure Enclave recovery. Keep up the good work!
ppbp1337 4 months ago
Is the solution, especially the secure enclave feature, cross-platform compatible or is it tailored to specific distributions like Ubuntu?
project_creator 4 months ago
@ppbp1337, our secure enclave feature currently relies on the ARM TrustZone architecture, meaning it's compatible with most of the ARM-based SoCs. However, we plan on developing a TPM-based version for non-ARM devices like Intel/AMD systems in the future.
mje_root 4 months ago
Glad to hear you're taking other hardware like Intel-based systems into account. I'm particularly interested in reliable containerization options for the solution. Do you have any different options besides Kubernetes for container management?
project_creator 4 months ago
@mje_root, besides Kubernetes, our project supports Docker Swarm, Podman, and Red Hat OpenShift Container Platform for container management. We're also working on a simpler standalone mode which is suitable for basic use cases.
arm9_enthusiast 4 months ago
I have an old Raspberry Pi with Linaro image installed. Any specific requirements or compatibility issues I should be aware of?
project_creator 4 months ago
@arm9_enthusiast, our solution primarily focuses on newer SoCs that have ARM TrustZone. Older models like Raspberry Pi will not have full support for our solution, but might still work in a basic mode.
redhatron3000 4 months ago
Any plans to include support for cgroups, namespaces and other Linux kernel security features?
project_creator 4 months ago
@redhatron3000, yes, we plan to incorporate features like Linux security modules and SELinux policy support in an upcoming release to further strengthen the security of our solution.
suse2k 4 months ago
I like where this is headed. I'm curious about the impact of different hardware architectures and your approach to maintaining compatibility and performance?
project_creator 4 months ago
@suse2k, we have integrated CPU architecture detection and auto-selection in our core libraries, allowing the project to adjust performance aspects depending on the target architecture. However, the secure enclave feature is optimized for ARM architectures at the moment.