On Do, 05.12.19 12:02, Marius Schwarz (fedoradev@xxxxxxxxxxxx) wrote:

> With FDE running and "Suspend-to-disk" selected in your screensaver
> settings, you get asked for your password on hw wakeup before your
> system gets back running. If someone wants to use such things, he
> already can.

Well, the way this has been traditionally done is that the lock screen
is displayed by a program running under the user's identity and that
the user's data is entirely unlocked the entire time during suspend,
i.e. the decryption key is lying around in memory just fine. If you
steal a laptop that way and read out the memory (which sufficiently
sophisticated hackers can, via thunderbolt DMA for example, or finding
an exploit in the screen locker, like we prominently had in the past in
xscreensaver) then you have full access to your full data.

The intention here is to lock things down so that while the system is
suspended you can rest safely that it is as locked down as it would be
if the device was turned off. I.e. so that if you manage to exploit
xscreensaver or if you manage to exploit thunderbolt, or manage to
exploit the kernel it doesn't help you anything, because the crypto
keys are not present on the device anymore.

> Where is the advantage of homed, considering, that only encrypting
> /home, is a major security flaw by itself. All your goals are
> already there and it's more useful and secure too :) I really have a
> problem understanding why you wanna implement a security flaw and
> call it "better".

Locking down the OS itself and locking down the user's home are two
different things, because OS integrity should be bound to different
mechanisms than user data encryption. (I.e. OS integrity should be
bound to vendor trust or TPM, while user data should be bound to the
user's security credentials).
> If you wanna improve security, please focus on user-friendliness for
> things like "disabling unused usb ports"/"whitelist for usb
> ids"/"insecure Highspeed USB network adapter detection" same for any
> pluggable port you have in your hw. And last, but not least, "motherboard
> serial number validation on wakeup" to counter the switch of hw components.

Uh, locking down USB like that doesn't really work. USB has no
mechanism for recognizing devices securely, which means any whitelist
is pointless because any device can claim to be whatever it wants to
be. (And yes, it would be great if we could be a bit more secure there,
but it's an orthogonal problem)

Lennart

--
Lennart Poettering, Berlin
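An added illustration of the distinction the reply draws, written for this page and not taken from the thread or from systemd-homed: a toy Python model in which the home volume key is derived from the user's passphrase with scrypt, and where "lock on suspend" discards that key so a read of RAM during suspend finds nothing, while the traditional locker model leaves it in place. The class, function names and the verifier construction are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Toy model of the suspend question in the thread (added example, not homed's code).
# Key material is derived from the user's passphrase with scrypt; locking drops it.
# Caveat: in CPython, `= None` does not zero the old bytes; a real implementation
# closes the dm-crypt mapping / unlinks the kernel keyring key so RAM holds nothing.


class HomeVolume:
    """Encrypted home whose volume key exists in memory only while unlocked."""

    def __init__(self, passphrase: str) -> None:
        self.salt = secrets.token_bytes(16)          # constructed per-volume salt
        key = self._derive(passphrase)
        # Verifier lets unlock() reject a wrong passphrase without storing the key.
        self.verifier = hmac.new(key, b"verify", "sha256").digest()
        self.key = None                               # created in the locked state

    def _derive(self, passphrase: str) -> bytes:
        return hashlib.scrypt(passphrase.encode(), salt=self.salt,
                              n=2 ** 14, r=8, p=1, dklen=32)

    def unlock(self, passphrase: str) -> bool:
        """Re-derive the key from the passphrase; wrong passphrase leaves it locked."""
        key = self._derive(passphrase)
        tag = hmac.new(key, b"verify", "sha256").digest()
        if not hmac.compare_digest(tag, self.verifier):
            return False
        self.key = key
        return True

    def lock(self) -> None:
        """homed-style lock: forget the key; only the passphrase can bring it back."""
        self.key = None


def memory_has_key(vol: HomeVolume) -> bool:
    """Stand-in for an attacker reading RAM (DMA, screen-locker or kernel exploit)."""
    return vol.key is not None


def suspend_cycle(vol: HomeVolume, lock_home_on_suspend: bool) -> bool:
    """Return True if the volume key was readable from memory during suspend.

    lock_home_on_suspend=False is the traditional screen-locker model;
    True is the behaviour the reply argues for."""
    if lock_home_on_suspend:
        vol.lock()
    return memory_has_key(vol)
```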