On 8/20/19 11:15 PM, John Harris wrote:
> There is no significant fire risk from this. It's just not good for the
> laptop. There's not exactly a temperature range that can cause damage, but
> there is a nominal range for each individual chip, and a nominal range for the
> entire system based on that.

You're right that fire is not the principal risk: instead, it's cooking
the chemicals in the LCDs and batteries---not the chips, which typically
have an operating maximum temperature of 80C. The LCD operating temperature
is typically up to 50C, and a typical absolute maximum temperature is
60-70C (*). The batteries have similar limits. Solomon reported a burning
sensation, which typically means 60C or more.

> I think we can all agree that shutting the system down is not the
> appropriate behavior, right?

I would prefer a suspend---hit a key or move a mouse and see the prompt
again. Still, what's wrong with a quick reboot? The additional time from
power up to disk decryption is typically short, unless we're talking
servers with tons of secondary firmware. I think Fedora should optimize
for laptops/desktops, so if we had to choose one default I would vote for
sleep, or shutdown if sleep was not available.

> Why would this behavior be in any way desirable on a desktop system? A TPM or
> other hardware key storage does not solve the same problem as asking for a key
> to be entered to decrypt.

but it's less secure---the decryption password hashes (**) have to be
present on the media. Bitlocker in TPM mode has the secrets locked in
the TPM, and as an added benefit uses the 'enterprise' authorization
scheme, with revocation, recovery keys, single logon (no separate
decryption and login credentials), etc. You wrote that bitlocker
'configured properly ... simply shows a prompt forever', but I think
that the current best practice is to use TPM, in which case the system
proceeds to the login prompt, and the full decryption is only done after
user authentication. I think that's how FileVault in MacOS works, and
perhaps Linux is also heading this way.
(*) https://www.pacificdisplay.com/cdm/CDM-40200.pdf
(**) Note that in a commercial context this includes the user password
as well as any recovery passwords, which may be common across the
enterprise so the risk is even more significant.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx