You are viewing the development docs which are in progress. For the latest stable documentation, click here.

Takeover

Learn how to enable Trusted Boot support in Kairos, which combines FDE, Secure Boot, and Measured Boot to protect your system from tampering and cold attacks.

Kairos supports takeover installations. Here are a few summarized steps:

  • From the dedicated control panel (OVH, Hetzner, etc.), boot in rescue mode
  • Install docker and run for example:
export DEVICE=/dev/sda
export IMAGE=quay.io/kairos/@flavor:@flavorRelease-core-amd64-generic-master
cat <<'EOF' > config.yaml
#cloud-config
users:
- name: "kairos"
  passwd: "kairos"
  groups:
    - admin
  ssh_authorized_keys:
  - github:mudler
EOF
export CONFIG_FILE=config.yaml
docker run --privileged -v $PWD:/data -v /dev:/dev -ti $IMAGE kairos-agent manual-install --device $DEVICE --source dir:/ /data/$CONFIG_FILE
  • Switch back to booting from HD and reboot.
Last modified May 27, 2025: Add llmstxt (#413) (4f86cf9)