> On Mon, Sep 23, 2019 at 4:36 pm, Sheogorath > <sheogorath@xxxxxxxxxxxxxxxxxxx> wrote: > > Doesn't make any sense to me. The reason to get a per-user encryption > > sounds useful in order to reduce the leaking of user data when we have > > multiple users per device. /home only encryption protects whom? It protects the users from 3rd parties. If POSIX permissions are inadequate separation between users (and I agree that it could be), then only encrypting user home directories is also inadequate. There are ample attack vectors that remain to anyone with physical access. > > An attacker with access to the disk can install malware and put it in > > auto start. So there is no real protection here. When we encrypt > > `/home` > > we can encrypt the rest as well. The attacker can just as straightforwardly inject malware into the initramfs. In the present Anaconda full disk encryption model, which the encryption subgroup prefers to avoid for various UI/Ux reasons including limited a11y, i18n functionality, the /boot volume is not encrypted. -- Chris Murphy _______________________________________________ desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/desktop@xxxxxxxxxxxxxxxxxxxxxxx
