Linus Walleij wrote:
> The key is a key infrastructure, e.g. your device is encrypted so that
> you can access it with two keys: your key or a master key deployed at
> your company (this could be device-unique or just a big master key).
> I don't know if there are such things designed for LUKS tho...

Agreed on this point. Key recovery is a big problem and one that
takes a lot of infrastructure to support. Red Hat has some products in
this area, but they aren't open source (yet.) But it's probably waaaay
too much for someone who just wants to download and try Fedora. I would
suggest that designing so that it uses the right kinds of keys and what
you want the user experience to be is the right place to start. And
then figure out how to build management infrastructure from there.
--Chris