On Thursday, December 5, 2019 2:56:22 AM MST Lennart Poettering wrote:
> Uh, first of all plain full disk encryption like we set it up
> typically on Fedora provides confidentiality, not integrity. For the
> OS image itself you want integrity though, confidentiality is not
> needed (after all anyone can download Fedora from the Internet,
> everyone knows all the bits and bytes in it anyway, it's inherently
> public information, there's zero point in encrypting it).

I have to disagree. The system itself is not just the list of packages installed, but can certainly include software that an individual or company wrote themselves or purchased, and do not wish to lose to a breach. This also includes global configuration files, which may include, for example, a VPN configuration, network configuration and so on.

> Unless you combine dm-crypt with dm-integrity (which we currently
> generally do not do), or you use dm-verity you are not actually
> protecting the OS from undetected modification.

Well, you are, in that the average attacker has to break or steal a key to decrypt the drive first. Sure, it wouldn't stop a sophisticated attack.

> And there's no point in encrypting /boot, because that contains only
> public information too. If you want to protect your boot chain, use
> something like a complete SecureBoot chain, but that too is something
> we currently don't actually support on Fedora. (because initrds are
> not verified).

This is not generally true either. Encrypting /boot helps to ensure that /boot is not modified, and is generally paired with GRUB signature validation. In some setups, this GRUB configuration is moved to flash storage.

> Anyway, figure out your threat model, and figure out how you want to
> protect what, and understand that for different parts of the
> installation different rules apply.

I don't believe this is the case, as specified above.

> And yes, I think encrypting the home directory with the user's own password
> makes most sense.

I suppose that's a good *start*, where users wouldn't use encryption otherwise.

--
John M. Harris, Jr.
Splentity