Takeover

Learn how to enable Trusted Boot support in Kairos, which combines FDE, Secure Boot, and Measured Boot to protect your system from tampering and cold attacks.

Kairos supports takeover installations. Here are a few summarized steps:

  • From the dedicated control panel (OVH, Hetzner, etc.), boot in rescue mode
  • Install docker and run for example:
export DEVICE=/dev/sda
export IMAGE=quay.io/kairos/@flavor:@flavorRelease-core-amd64-generic-v3.5.7
cat <<'EOF' > config.yaml
#cloud-config
users:
- name: "kairos"
  passwd: "kairos"
  groups:
    - admin
  ssh_authorized_keys:
  - github:mudler
EOF
export CONFIG_FILE=config.yaml
docker run --privileged -v $PWD:/data -v /dev:/dev -ti $IMAGE kairos-agent manual-install --device $DEVICE --source dir:/ /data/$CONFIG_FILE
  • Switch back to booting from HD and reboot.
Last modified May 27, 2025: Add llmstxt (#413) (4f86cf9)