On Mon, Dec 3, 2018 at 5:48 PM Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote: > > >>14:31:51 <otaylor> ryanlerch: I think it's definitely possible (finicky, but sometimes you have to do finicky things...) to determine whether a password is possible to type at the bootloader password prompt > > Literally GRUB2 asking for a passphrase, implies /boot is encrypted. > I'm not sure that's supportable. Anaconda has various limitations > where it will require a separate boot volume. What are the advantages > to encrypting boot? I just miswrote there and said "bootloader password prompt" when I meant "initrd password prompt". I don't think anybody is interested in encrypting /boot (ensuring the integrity of the early boot sequence using PCR measurement, etc, is a different question.) Thanks for all your other feedback, Chris. There are a certainly a lot of aspects to work through! - I don't think it's going to take us 5 years to get something useful, but any plan will certainly have short-term and long-term parts to it. Regards, Owen _______________________________________________ desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/desktop@xxxxxxxxxxxxxxxxxxxxxxx
