On Tue, Dec 3, 2019 at 12:05 AM John M. Harris Jr <johnmh@xxxxxxxxxxxxx> wrote:
>
> > It's not just an issue for systemd-homed, this problem applies to any
> > user home encryption implementation when the user has not first
> > authenticated/unlocked their user home. e.g. if you install with /home
> > encrypted in Anaconda, in fact your boot stops at plymouth in the
> > initramfs so sshd is thwarted from even starting in the first place;
> > and even if GNOME Shell's login were to be enhanced to do this unlock,
> > still requires unlock.
>
> That is simply not the case. I don't know what you're referring to with "if
> you install with /home encrypted in Anaconda",

Anaconda custom partitioning has a per mount point encryption option. I can LUKS encrypt only the volume mounted at /home. And if I do this, startup is inhibited at a plymouth prompt for a passphrase, the same as if I check the earlier "encrypt my data" option at Destination Installation - which is the FDE layout. sshd doesn't start up until after this. You can't ssh into your system before user home is unlocked. There is at least a chance of this with systemd-homed even if it's not yet implemented.

> or why GNOME Shell would have
> anything to ssh, however with Plasma, my desktop environment doesn't have to
> be loaded at all in order for me to ssh in.

That's because you are physically present to type in a passphrase during boot. And that exposes all user data as plaintext too, in the FDE case. The only thing protecting user data are discretionary access controls.

The reason for a full desktop environment stack being available at LUKS unlock time has to do with various UX problems with the much more limited initramfs+plymouth environment. This is elaborated on in the Workstation WG issue I referenced. An open question is to what degree we run into those same kinds of problems with remote login.
>
> > Basically you have to choose between user home security (or more
> > specifically privacy) and remote logins. However, there are some ideas
> > that could possibly work around this, to varying degrees of
> > inelegance, which I'll gratuitously copy from a related Workstation WG
> > issue [1].
>
> You really don't. It's pretty much there by default, and there's not a lot
> that I have to change from a default Plasma install. Doing an Anaconda guided
> LVM full disk encryption setup is sufficient to protect data at rest.

It's a valid argument that when a user is not logged in, their data should be at rest and encrypted. systemd-homed is one possible way to address that, not necessarily the only way, but for sure the current options in the installer don't address it.

--
Chris Murphy
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx