On Thu, 05.12.19 04:30, John M. Harris Jr (johnmh@xxxxxxxxxxxxx) wrote:

> > Unless you combine dm-crypt with dm-integrity (which we currently
> > generally do not do), or you use dm-verity you are not actually
> > protecting the OS from undetected modification.
>
> Well, you are, in that the average attacker has to break or steal a key to
> decrypt the drive first. Sure, it wouldn't stop a sophisticated
> attack.

Not how this works.

> > And there's no point in encrypting /boot, because that contains only
> > public information too. If you want to protect your boot chain, use
> > something like a complete SecureBoot chain, but that too is something
> > we currently don't actually support on Fedora. (because initrds are
> > not verified).
>
> This is not generally true either. Encrypting /boot helps to ensure that /boot
> is not modified, and is generally paired with GRUB signature validation. In
> some setups, this GRUB configuration is moved to flash storage.

You are conflating integrity and confidentiality. If you want to
protect boot loaders against modification you want the former, not
necessarily the latter.

Lennart

--
Lennart Poettering, Berlin
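The integrity/confidentiality distinction drawn above, as an added example that is not part of the original message: a sector that is only encrypted decrypts without error after its ciphertext is changed, while a per-sector authentication tag (the kind of metadata dm-integrity stores) makes the read fail. Assumptions: the SHA-256 keystream is a stand-in for the disk cipher (it is not AES-XTS or what dm-crypt uses), and the keys, sector number, sector contents and function names are constructed for illustration.

```python
import hashlib
import hmac

SECTOR = 512  # bytes per sector in this constructed example

def keystream(key: bytes, sector_no: int, length: int) -> bytes:
    # Stand-in cipher: SHA-256 in counter mode, tweaked by the sector number.
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(
            key + sector_no.to_bytes(8, "little") + block.to_bytes(4, "little")
        ).digest()
        block += 1
    return out[:length]

def crypt(key: bytes, sector_no: int, data: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector_no, len(data))))

def tag(mac_key: bytes, sector_no: int, ciphertext: bytes) -> bytes:
    # Per-sector authentication tag, bound to the sector number.
    msg = sector_no.to_bytes(8, "little") + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

def read_encrypted_only(key, sector_no, ciphertext):
    # Confidentiality only: every ciphertext decrypts to *something*.
    return crypt(key, sector_no, ciphertext)

def read_authenticated(key, mac_key, sector_no, ciphertext, stored_tag):
    # Integrity first: refuse to return data whose tag does not verify.
    if not hmac.compare_digest(tag(mac_key, sector_no, ciphertext), stored_tag):
        raise OSError(f"integrity check failed for sector {sector_no}")
    return crypt(key, sector_no, ciphertext)

def demo():
    enc_key, mac_key = b"E" * 32, b"M" * 32          # constructed keys
    plain = b"constructed sector contents".ljust(SECTOR, b"\0")
    ct = crypt(enc_key, 7, plain)
    stored = tag(mac_key, 7, ct)
    tampered = bytearray(ct)
    tampered[100] ^= 0xFF                             # modified without any key
    tampered = bytes(tampered)
    silently_changed = read_encrypted_only(enc_key, 7, tampered) != plain
    try:
        read_authenticated(enc_key, mac_key, 7, tampered, stored)
        detected = False
    except OSError:
        detected = True
    clean_ok = read_authenticated(enc_key, mac_key, 7, ct, stored) == plain
    return silently_changed, detected, clean_ok

if __name__ == "__main__":
    print(demo())
```
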