On Mon, Dec 09, 2019 at 09:25:06PM -0700, Chris Murphy wrote:
> The installer doesn't support such a configuration. No portion of the
> bootloader nor the boot volume, can be encrypted.

I do consider this a bug, but as there is no stable solution for that right now we can't just "fix it".

> While the hibernation image could be encrypted, it's not by default.
> So where's your pre-existing complaint and feature request that this
> should have been enabled by default a long time ago? Why are you only
> complaining about things when people have a proposal that doesn't
> align with what you want, almost as if you just want to argue for the
> sake of arguing?

There is no need for a pre-existing complaint - if there is some new proposal coming up and someone sees a fundamental flaw, that does not automatically make the person pointing it out responsible for fixing the issue the proposal tries to fix. A proposed fix for an issue is only good if it fixes more stuff than it breaks - and the opinions about this seem to diverge for now. There is always the option "let us just try it and see what happens", but as it covers a very sensitive area there is a natural tendency to be more careful about introducing change than usual.

> What's on the table in the near future is encrypting ~/ by default.
> And somehow because that's not good enough, in your view, you want to
> shitcan encrypting ~/ at all, while waiting for a perfect solution?
> How is that even remotely logical?

This is quite dangerous to do without encryption of the whole disk. That would break a lot of user expectations if not properly communicated. If encrypting ~/ also entails full disk encryption that would be okay, but not separately. Not meeting user expectations when it comes to security *always* leads to bad things.
Some examples:

User expects no encryption, as they did not select anything regarding encryption or did not select full disk encryption:
- Something breaks the system, they try to restore it and now they can't access their data anymore.

User does expect encryption, but it's not labelled as encryption for ~/ only - and therefore only ~/ is encrypted:
- User stores data somewhere else than in /home (e.g. sensitive internal programs in /opt or /usr/local, secrets/keys/vpn-keys/.. in /etc) -> on device loss that user might still think the data is safe anyway, as they think it is encrypted
- Attacker scenario: there is physical access to the device for a few minutes - installing a trojan is super easy to do in <10 minutes, without the need for any tool, writing the trojan on site. Having the full disk encrypted at least moves this to either about half an hour to one hour and having a live-usb-stick ready or to having a trojan ready anyway.

So please be careful in case this feature gets introduced, as "less than expected security" is usually worse than "less security". Wording in the installer is super critical in regard to ~/ only encryption.

All the best,
David
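An added check, not part of David's mail or of Fedora's installer, for the "only ~/ is encrypted" situation he describes: given `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME` output, it reports which of the paths he names (/home, /opt, /usr/local, /etc) are actually backed by a dm-crypt device. The block layout in `SAMPLE_LSBLK` is constructed for the example; on a real system pipe `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME` into `encryption_report` instead.

```shell
# Added example, not from the thread: report whether given paths sit on a
# dm-crypt backed device, following lsblk's parent chain so LVM-on-LUKS counts.
# stdin: output of `lsblk -P -o NAME,TYPE,MOUNTPOINT,PKNAME`; arguments: paths.
encryption_report() {
    awk -v paths="$*" '
    {
        name = type = mp = pk = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            v = kv[2]; gsub(/"/, "", v)
            if (kv[1] == "NAME") name = v
            else if (kv[1] == "TYPE") type = v
            else if (kv[1] == "MOUNTPOINT") mp = v
            else if (kv[1] == "PKNAME") pk = v
        }
        T[name] = type; P[name] = pk
        if (mp != "") M[mp] = name
    }
    END {
        n = split(paths, plist, " ")
        for (j = 1; j <= n; j++) {
            path = plist[j]; best = ""
            # Longest mount point that prefixes the path on a directory boundary.
            for (mp in M) {
                if (index(path, mp) != 1) continue
                if (mp != "/" && length(path) > length(mp) && substr(path, length(mp) + 1, 1) != "/") continue
                if (length(mp) > length(best)) best = mp
            }
            # Walk NAME -> PKNAME upward; a crypt ancestor means encrypted at rest.
            dev = M[best]; state = "clear"
            while (dev != "") {
                if (T[dev] == "crypt") { state = "encrypted"; break }
                dev = P[dev]
            }
            printf "%s %s %s\n", path, best, state
        }
    }'
}
# Constructed sample of the "~/ only" layout under discussion: /home on LVM on
# LUKS, while /boot and / (hence /etc, /opt, /usr/local) are in the clear.
SAMPLE_LSBLK='NAME="sda" TYPE="disk" MOUNTPOINT="" PKNAME=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot" PKNAME="sda"
NAME="sda2" TYPE="part" MOUNTPOINT="/" PKNAME="sda"
NAME="sda3" TYPE="part" MOUNTPOINT="" PKNAME="sda"
NAME="luks-home" TYPE="crypt" MOUNTPOINT="" PKNAME="sda3"
NAME="vg-home" TYPE="lvm" MOUNTPOINT="/home" PKNAME="luks-home"'
home_only_report() { printf '%s\n' "$SAMPLE_LSBLK" | encryption_report /home /opt /usr/local /etc; }
home_only_report
```

Each output line is `path mountpoint encrypted|clear`; with the sample layout only /home comes back encrypted, which is exactly the gap between what the user assumes and what the disk holds.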
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx