On Wed, Dec 4, 2019 at 4:41 PM Marius Schwarz <fedoradev@xxxxxxxxxxxx> wrote:
>
> On 04.12.19 at 02:02, Chris Murphy wrote:
> > Anaconda custom partitioning has a per mount point encryption option.
> > I can LUKS encrypt only the volume mounted at /home. And if I do this,
> If you do this, someone can manipulate your system to trojan horse your
> passwords,
> when he has physical access to it.
>
> Full-disk encryption (/boot included) is the only way to protect the
> system itself.
> Anything else is simply not secure.

systemd-homed doesn't depend on /etc/passwd or /etc/shadow for
authentication. By all means its security guarantees should be
evaluated.
https://github.com/systemd/systemd/pull/14096

What you're talking about is entirely up to the user to configure
manually. Fedora installations today don't support bootloader lock
down, encrypted /boot, or purging the LUKS key from memory during
suspend, out of the box. And therefore I'm not sure what your goal
posts are, what two things you're comparing.

--
Chris Murphy
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx