- boot security
- add BIOS password
- use motherboard with TPM2.0 and BIOS password not stored in volatile memory
- use secure boot
- use full disk encryption with TPM keys
- disable unneeded device ports in BIOS
- prevent user input
- blacklist all HID modules
- usb
- serial decies /dev/tty* (or more fine-grained) using a udev rule
- disable unneeded device ports in software
- blacklist all HID modules
- prevent leakage through network
- use https
- use a self-signed certificate as to not worry about expiration
- use firewall to block all ports except the two needed
- use https
- vulnerabilty exploits
- reduce software stack
- apply some hardening
- add update schedule
noahvogt/videopc-infra
an IaC solution for seamless projector control in production environments
ShellGPL-3.0