REFLECTING ON THE WORLD

Giovanni Bassi

Numbers on the way

Projects delivered

100+

Cups of coffee

15k+

Social media posts

40k+

Kilometers traveled

200k+

Latest blog posts

NixOS: Installation Guide with RAID 1, encryption, and TPM unlock (part 7 - Mitigating the OS swap attack)

June 1, 2026 | 11 reading minutes

There is still a loophole where one could obtain the LUKS volume encryption key using another operating system. Let’s fix that.

NixOS: Installation Guide with RAID 1, encryption, and TPM Unlock (part 6 - Mitigating the volume swap attack)

May 26, 2026 | 6 reading minutes

The NixOS disk is encrypted, but a careful LUKS volume swap attack can still be used to obtain the encryption master key.

NixOS: Installation Guide with RAID 1, encryption, and TPM Unlock (part 5 - unlocking the disk with TPM)

May 18, 2026 | 7 reading minutes

At last, we are going to automatically decrypt the NixOS disk using the TPM!

NixOS: Installation Guide with RAID 1, encryption, and TPM Unlock (part 4 - Secure Boot)

May 14, 2026 | 7 reading minutes

In the fourth post of our series, we are going to configure Secure Boot to ensure that only trusted operating systems can be executed.

Fork me on Codeberg