On Thu, Dec 6, 2018 at 11:05 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx>
wrote:
> Gotcha - thanks. Yes that makes complete sense for the IoT, embedded,
> kiosk use cases.
Use cases which are not of any interest to Workstation. :P Of course
Workstation is a product for consumer desktops and laptops. And the
security model for disk encryption is lost or stolen laptop (or
unauthorized physical access to desktop).
But most of / is not sensitive data on Workstation. We are only
concerned with encrypting possibly-sensitive data. That's /home, /tmp
(tmpfs, no worries there), portions of /var, maybe bits of /etc, and
swap. We don't necessarily need to encrypt the whole thing with a
passphrase like our current LUKS setup. Giving up on /etc is probably
reasonable as we don't need to have perfect security, just good enough
security. But stuff like system journal in /var could be problematic.
Michael
_______________________________________________
desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx