Physical Server security #137

New Issue

ahtlon · 2026-02-25T05:02:29+01:00

ahtlon commented

2026-02-25 05:02:29 +01:00

As mentioned in #124, our "server room" isn't really locked down, which means that our hardware could be tampered with even just by visitors.
What are the security implications of this?
Is there a way of preventing random ppl from just plugging in usb's or similar?
Is secure boot a thing on nixos?

As mentioned in #124, our "server room" isn't really locked down, which means that our hardware could be tampered with even just by visitors. What are the security implications of this? Is there a way of preventing random ppl from just plugging in usb's or similar? Is secure boot a thing on nixos?

ahtlon added the Security label 2026-02-25 05:02:29 +01:00

ahtlon added this to the Security project 2026-02-25 05:02:29 +01:00

ahtlon moved this to High Severity in Security on 2026-02-25 05:02:39 +01:00

ahtlon moved this to Medium Severity in Security on 2026-02-25 05:14:39 +01:00

kalipso commented

2026-02-25 13:36:25 +01:00

We could setup tamper protection.
This was done already with the malobeo laptop and it makes sense to do something similar on fanny.

There is a wiki entry on secure boot: https://wiki.nixos.org/wiki/Secure_Boot

Maybe we could try to physically disable some usb ports.

We could setup [tamper protection](https://mullvad.net/en/help/how-tamper-protect-laptop?page=/en/help/how-tamper-protect-laptop). This was done already with the malobeo laptop and it makes sense to do something similar on fanny. There is a wiki entry on secure boot: https://wiki.nixos.org/wiki/Secure_Boot Maybe we could try to physically disable some usb ports.

Sign in to join this conversation.

2 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: malobeo/infrastructure#137