On 10/25/2011 05:30 PM, Till Maas wrote: > On Tue, Oct 25, 2011 at 01:45:45PM +0200, Christoph Trassl wrote: >> On 10/25/2011 09:33 AM, Michal Hlavinka wrote: >>> On 10/25/2011 09:30 AM, Harald Hoyer wrote: >>>> On 10/25/2011 09:15 AM, Harald Hoyer wrote: >>>>> It's not only an aesthetic issue. This enables >>>>> possibilities, which were not doable before. >>> ... >>>> - mount rootfs encrypted - mount /usr not encrypted (no secrets >>>> here) >>> >>> this is already possible, I use this setup for a long time. >> >> Does not seem to make any sense to me, unless you verify that no >> one has messed with your binaries/libraries in /usr. > > Does not seem to make any sense to me, unless you verify that no one > has messed with your kernel/bootloader in /boot or /dev/sda. Correct. Verifying the kernel/bootloader could easily been done within seconds - at every boot. If you can do it as fast for gigs of data in /usr, please tell me how. Christoph. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
