Setting up FDE with UKI (Unified Kernel Images) and Secure Boot with Arch Linux was slightly more confusing that I anticipated. Just wanted to knock out a quick how to on actually building this the right way. It seems to be the right configuration conceptually, but the tools used like dracut vs mkinitcpio in the wiki made it hard to piece together. A opinionated Ansible playbook is hopefully coming soon.

To continue on the legacy of Why Johhny Can’t Encrypt research, and to generally check in on how Thunderbird is with their OpenPGP encryption implementation, I conducted an experiment to investigate. For those curious about how the lab was constructed, most of the code should be available on my Github. Please reach out about concerns or questions.

For a class I took, I did some research into zero trust networking. As a result of the thinking about the problem, I did a PoC and paper discussing a novel approach to zero trust networking. The code can be found at https://github.com/Peeanio/bzt.