<!DOCTYPE html>
<html lang="{{ page.lang | default: site.lang | default: "en" }}">

{%- include head.html -%}

<body>
<div class="container">

{%- include header.html -%}

<main>
<section class="flex-container">
<div class="flex-container-inner">
<div class="text-well">
<h2>Tools</h2>
<p>Distrust develops open source tooling to help make the internet a safer place!</p>

<p>Rather than write the same document or tool 10 times and bill each client for it, we focus our unused retainer hours on open sourcing every document and tool we legally can, so we can focus our time with clients on their unique needs. If we are doing public work you would like to see more of, or that <i>almost</i> meets your needs, we would love to hear from you and figure out a path to see your needs met.</p>
</div>
</div>
<div class="flex-container-inner">
</div>
</section>

<hr />

<section class="flex-container">
<div class="flex-container-inner">
<div class="text-well">
<h3>AirgapOS</h3>
<a href="https://git.distrust.co/public/airgap" target="_blank" rel="noopener noreferrer">https://git.distrust.co/public/airgap</a>
<p>A live, Buildroot-based Linux distribution designed for managing secrets offline.</p>

</div>
</div>
<div class="flex-container-inner">
<ul>
<li>Deterministic binary verification</li>
<li>Small footprint (&lt; 100MB)</li>
<li>Immutable and diskless</li>
<li>Network drivers removed</li>
</ul>
</div>
</section>

<hr />

<section class="flex-container">
<div class="flex-container-inner">
<div class="text-well">
<h3>Keyfork</h3>
<a href="https://git.distrust.co/public/keyfork" target="_blank" rel="noopener noreferrer">https://git.distrust.co/public/keyfork</a>
<p>An opinionated and modular toolchain for generating and managing a wide range of cryptographic keys offline and on smartcards from a shared BIP39 mnemonic phrase.</p>
</div>
</div>
<div class="flex-container-inner">
<ul>
<li>BIP39-style key derivation from OS or hardware entropy</li>
<li>Sharding mechanism allows "M-of-N" recovery</li>
<li>Built deterministically</li>
<li>Intended for use with air-gapped systems</li>
</ul>
</div>
</section>

<hr />

<section class="flex-container">
<div class="flex-container-inner">
<div class="text-well">
<h3>StageX</h3>
<a href="https://codeberg.org/stagex/stagex" target="_blank" rel="noopener noreferrer">https://codeberg.org/stagex/stagex</a>
<p>A minimalism- and security-first repository of reproducible, multi-signed OCI images of common open source software toolchains, full-source bootstrapped from Stage 0 all the way up.</p>
</div>
</div>
<div class="flex-container-inner">
<ul>
<li>Fully verifiable and deterministic build toolchain</li>
<li>Deterministic packages of commonly used software (rust, go, openssl, curl and many more)</li>
<li>Flexible drop-in replacement for existing software</li>
<li>Available on <a href="https://hub.docker.com/u/stagex" target="_blank" rel="noopener noreferrer">Docker Hub</a></li>
</ul>
</div>
</section>

<hr />

<section class="flex-container">
<div class="flex-container-inner">
<div class="text-well">
<h3>EnclaveOS</h3>
<a href="https://git.distrust.co/public/enclaveos" target="_blank" rel="noopener noreferrer">https://git.distrust.co/public/enclaveos</a>
<p>A minimal, immutable, and deterministic Linux unikernel build system targeting various Trusted Execution Environments for use cases that require high security and accountability.</p>
</div>
</div>
<div class="flex-container-inner">
<ul>
<li>Immutable: Root filesystem is a CPIO filesystem extracted to a RamFS at boot</li>
<li>Minimal: &lt; 5MB footprint; by default nothing is included but a kernel and your target binary</li>
<li>Deterministic: multiple people can reproduce the build and verify its integrity</li>
<li>Hardened: No TCP/IP network support, most unnecessary kernel features disabled, and follows <a href="https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project" target="_blank" rel="noopener noreferrer">Kernel Self Protection Project</a> recommendations</li>
</ul>
</div>
</section>

<hr />

<section class="flex-container">
<div class="flex-container-inner">
<div class="text-well">
<h3>git-sig</h3>
<a href="https://git.distrust.co/public/enclaveos" target="_blank" rel="noopener noreferrer">https://git.distrust.co/public/enclaveos</a>
<p>The simple multisig toolchain for git repos.</p>
</div>
</div>
<div class="flex-container-inner">
<ul>
<li>Attach any number of signatures to any given git ref</li>
<li>Verify git history contains a minimum threshold of unique commit signatures</li>
<li>Verify signatures belong to a defined GPG alias group</li>
<li>Verify code changes made since the last time the minimum number of valid signatures was present</li>
</ul>
</div>
</section>
</main>

{%- include footer.html -%}

</div>
</body>

</html>