Zarhus Developers Meetup #2

This talk will present overview of security features implemented or planned to be implemented in meta-zarhus (currently for x86-64 platforms). Some of those features are:

• Creating UKI capable of being booted directly from BIOS with Secure Boot enabled
• Encrypting rootfs in initramfs and using TPM2 for decryption
• A/B OTA updates with overlay filesystem mounted over rootfs

I'll talk about problems encountered during development, especially when combining those features into one image, and solutions to those problems. At the end there will be short demo showcasing some of those features.