Lennart Poettering wrote:
> Uh, first of all plain full disk encryption like we set it up
> typically on Fedora provides confidentiality, not integrity.
Well, it does protect against offline modification (i.e., "borrow" the
computer or the storage devices, put the storage devices into another
computer, trojan the OS, and return the "borrowed" device without getting
caught; or even just boot the computer from a malicious boot device and
trojan the OS from there, if the boot order is not locked). It does not
protect against online modification (i.e., attack the system while it is
running and the disk is decrypted).
Kevin Kofler
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
