Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/12/19 6:56 AM, Marius Schwarz wrote:
On the other hand, as android is capable of FDE, they must have made
some importanted changes that can be of use here.

Right, because Android has full control of the entire boot process, so they only need the user input  at the end where all the moving pieces are in place. I think bulletproofing the boot process is the right approach for Linux as well---but it's hard because the PC platform interface between the firmware (BIOS/UEFI)  and the OS is brittle, variable and poorly defined---and if you really lock it up, inevitably someone will get locked out from repairing their system.

Note that ~/ encryption is actually a nice compromise: the boot/OS environment needs integrity more than confidentiality, and maybe could be more maintainable if left unencrypted, while the $HOME would be kept encrypted and confidential.

If you can't rely on an uninterruptible boot, you need I18n support early on, and there are only two possibllities: either use whatever the platform firmware provides (I think that's what you refer when you talk about MS OSK BIOS support), or you arrange for the OS i18n support to be available early enough. The reality of the PC platform is that in general we can't rely on the BIOS support.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux