On Wed, 22.10.14 14:11, Roberto Ragusa (mail@xxxxxxxxxxxxxxxx) wrote: > On 10/21/2014 10:02 PM, Lennart Poettering wrote: > > > Maybe > > that's actually a strategy to adopt here: upload the encryption keys > > into the firmware as efi vars, and then pull them out on next boots or > > so (assuming that efi vars can be marked to survive soft reboots > > without making them fully persistent...) > > Hmmm, surrendering your encryption keys to the only software > part which you do not have control on? The firmware runs at the highest priviliges anyway, it can do whatever it wants... You don't have to "surrender" you keys to it. If it wants them it can take them anyway... Lennart -- Lennart Poettering, Red Hat -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
