Good afternoon everyone.
I recently aquired a Pi 5 and am so delighted with it's performance, stability, and simplicity that I think I want to start using it as my main pc, even going as far as to abandon my linux mint laptop in favor of the pi.
To use it as my main PC, I want a reasonably secure setup, and would like to share and get ideas from others.
For my threat model, I'm considering physical security of my machine and sd card a given (although this is a touch risky and i'm curious what others have done here). While my private network behind my router is unlikely to have unwanted guests, I don't want want to rule out the possibility in my threat model.
I've already taken some of the obvious measures:
- creating and logging in as a non sudoable user for normal everyday stuff
- disabling auto login, setting up screen locking
- disabling most network services (ssh, remote desktop, others) (i left cupsd untouched, although i'm suspicious if cupsd is safe enough)
- using sensible permissions for file
I've considered mounting an encrypted fs for my home dir, but that would likely be insufficient against an attacker with physical device access since they could just install assorted rootkits as they please onto my sd card.
Thoughts? has anyone else considered using their pi 5 as a primary machine, and if so, what do you do to secure it?
I recently aquired a Pi 5 and am so delighted with it's performance, stability, and simplicity that I think I want to start using it as my main pc, even going as far as to abandon my linux mint laptop in favor of the pi.
To use it as my main PC, I want a reasonably secure setup, and would like to share and get ideas from others.
For my threat model, I'm considering physical security of my machine and sd card a given (although this is a touch risky and i'm curious what others have done here). While my private network behind my router is unlikely to have unwanted guests, I don't want want to rule out the possibility in my threat model.
I've already taken some of the obvious measures:
- creating and logging in as a non sudoable user for normal everyday stuff
- disabling auto login, setting up screen locking
- disabling most network services (ssh, remote desktop, others) (i left cupsd untouched, although i'm suspicious if cupsd is safe enough)
- using sensible permissions for file
I've considered mounting an encrypted fs for my home dir, but that would likely be insufficient against an attacker with physical device access since they could just install assorted rootkits as they please onto my sd card.
Thoughts? has anyone else considered using their pi 5 as a primary machine, and if so, what do you do to secure it?
Statistics: Posted by BIGLOVE — Fri May 09, 2025 11:37 pm