Closed name-snrl closed 2 months ago
Hi. The console access is very useful to debug your machine, i.e. if the network setup didn't work out. For most people having physical access to the serial console is the same as physical access to the machine itself, in which case one could likely boot a custom OS through other means. In server environments serial access has to be specially secured anyway, because after a user has logged in the console is unlocked anyway. However, if you are in the position where you can guarantee that this level of physical access does not also result in tampering with other parts of the hardware, then I would suggest you build your own kexec-image as shown here:
This flake exposes the kexec-installer nixos module so that you can add your own custom configuration i.e. setting a root password via users.users.
In nixos-anywhere you can specify your own kexec with the --kexec flag.
I was thinking about making installation on remote nodes more secure. I'm currently installing NixOS on remote nodes using nixos-anywhere and the default kexec-installer, but there are no user passwords and a serial console is available. In this case, console is completely unnecessary for the installation because access is only via ssh, but it allows anyone with physical access to the machine to get the keys (e.g. disk encryption keys) that I copy to the machine during installation.
So what do you think about hardening noninteractive kexec-installer or adding headless?
p.s. I may have missed something and there are other vulnerabilities that are also worth discussing here
cc @Mic92