How to encrypt with LUKS a live Ubuntu usb stick that has been customized with Cubic? [migrated]

I’m using Cubic (https://github.com/PJ-Singh-001/Cubic) to create a custom Ubuntu. So far so good, everything is going smoothly.
However, I would like to encrypt the USB stick that contains my custom Ubuntu image so that I:

boot usb (load…

Is deploying a web application to a customer’s encrypted drive a secure solution against code theft?

I have developed a web service for a customer. The web service is written in Python and running in Docker containers. It is managed by docker compose.
The customer wants my web service to run on their own Ubuntu servers, but I have control o…

PCR to prevent TPM2 key unsealing in case of rogue DMA devices connected?

Security threat: physical theft of a laptop and a server that use TPM2 auto unlock FDE with LUKS. In both cases the TPM checks against some PCRs before unsealing the key. The laptop prompts for a TPM PIN, the server doesn’t. The attacker i…

Is specifying resume_offset for hibernation to LUKS-encrypted drive safe?

I need to enable hibernation to the LUKS-encrypted drive. My /boot partition is unencrypted, hence it stores all kernel images as well as kernel parameters in unencrypted form. For hibernation to work I should specify where the swap file st…