On Mon, Dec 10, 2018 at 4:40 AM Hans de Goede <hdegoede@xxxxxxxxxx> wrote: > On 06-12-18 19:32, Chris Murphy wrote: > > Why bother encrypting anything if it's going to be automatically > > unlocked just by booting? If the login window is a sufficient barrier > > to exfiltrating and modifying user files on an unlocked volume, then > > it's a sufficient barrier for an unencrypted volume because it is in > > effect a plaintext volume, automatically without a passphrase, merely > > when powered on. > > This is not the same as an unencrypted volume at all, the disk will only > unlock *when booted from the disk*. So you cannot simply mount the disk in > another machine, or boot from external media and still access the disk. The attacker in the laptop/tablet case is going to take the entire device. > I'm not saying this is 100% safe, but it certainly is a lot safer then > unencrypted data and makes all kind of simple attacks impossible. If the only change is encrypting the volume by default, and unlocking the volume automatically (no PIN or passphrase) by default - it's not safer for the Workstation use case. What other mitigations are happening by default? Prevent DMA attack over Thunderbolt 3? Prevent user from modifying grub command line, so they can't add init=/bin/bash or systemd.debug-shell=1? Will the user be able to put the system into a troubleshooting mode? -- Chris Murphy _______________________________________________ desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/desktop@xxxxxxxxxxxxxxxxxxxxxxx
