V8.00.000.2025.06.17
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 55s
All checks were successful
🛡️ Shell Script Linting / 🛡️ Shell Script Linting (push) Successful in 55s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
@@ -114,11 +114,13 @@ dropbear:
|
||||
firewall: false # Yet not implemented. MUST be "false".
|
||||
# Additional ultra hardening of the dropbear initramfs environment via firewall.
|
||||
# The "bastion_ipv4" MUST be provided.
|
||||
pgp_key: "/.pubkey/marc_s_weidner_msw@coresecret.dev_0xE62E84F8_public.asc"
|
||||
# './path/to/pgp_public_key.asc' to check the signature of: 'unlock-wrapper.sh'
|
||||
port: 42137 # SSH Port dropbear initramfs should listen.
|
||||
sig_file: "/.preseed/unlock-wrapper.sh.sha512.sig"
|
||||
# './path/to/unlock-wrapper.sh.sha512.sig' to verify the integrity of: 'unlock-wrapper.sh'
|
||||
pub_key: "/.preseed/unlock_wrapper_pubring.gpg"
|
||||
# './path/to/unlock_wrapper_pubring.pgp' to check the signature of: 'unlock-wrapper.sh.sha512.sig'
|
||||
sha_file: "/.preseed/unlock_wrapper.sh.sha512"
|
||||
# './path/to/unlock_wrapper.sh.sha512' to verify the integrity of: 'unlock-wrapper.sh'
|
||||
sig_file: "/.preseed/unlock_wrapper.sh.sha512.sig"
|
||||
# './path/to/unlock_wrapper.sh.sha512.sig' to verify the authenticity of: 'unlock-wrapper.sh.sha512'
|
||||
|
||||
################################################################################################################################
|
||||
# Grub Bootparameter
|
||||
@@ -423,7 +425,7 @@ grub_parameter:
|
||||
grub:
|
||||
background: # RECOMMENDED settings: JPG 1280 x 1024 px or JPG 1920 x 1080 px
|
||||
enable: true # If you want to add a GRUB background.
|
||||
path: "/includes/target/etc/default/grub.d/hexagon_800_600.png"
|
||||
path: "/includes/target/etc/default/grub.d/hexagon_1280_720.png"
|
||||
bootdev: "/dev/sda" # Due notably to potential USB sticks, the location of the primary drive cannot be determined
|
||||
# safely in general, so this needs to be specified.
|
||||
force_efi: true # Force GRUB installation to the EFI removable media path?
|
||||
@@ -441,6 +443,8 @@ grub:
|
||||
# record if no other operating system is detected on the machine.
|
||||
other-os: true # This one makes grub-installer install to the UEFI partition '/boot' record if it also finds
|
||||
# some other OS, which is less safe as it might not be able to boot that other OS.
|
||||
password: true # If you want to set a password for GRUB. The password MUST be set at:
|
||||
# '/.preseed/password_grub.txt'.
|
||||
prober: false # OS-prober did not detect any other operating systems on your computer at this time, but you
|
||||
# may still wish to enable it in case you install more in the future.
|
||||
skip: false # Skip installing grub.
|
||||
|
||||
1
.preseed/unlock_wrapper.sh.sha512
Normal file
1
.preseed/unlock_wrapper.sh.sha512
Normal file
@@ -0,0 +1 @@
|
||||
be5dfdaf07abdea07b6e683951fac60047ace3a01070918bf5d73f72ded156e17898b18ef28391752d4985338af7e2bb566fd9fa842bfe5fdce2defa11ce632e
|
||||
BIN
.preseed/unlock_wrapper.sh.sha512.sig
Normal file
BIN
.preseed/unlock_wrapper.sh.sha512.sig
Normal file
Binary file not shown.
BIN
.preseed/unlock_wrapper_pubring.gpg
Normal file
BIN
.preseed/unlock_wrapper_pubring.gpg
Normal file
Binary file not shown.
Reference in New Issue
Block a user