Am 15.03.20 um 13:32 schrieb Vitaly Zaitsev via devel: > On 14.03.2020 13:05, Marius Schwarz wrote: >> If you encrypt the fedora ( or any ) installation with luks, as >> security of a mobile device indicates, you end up without the >> possibility to enter the password, when you do not have an in/external >> keyboard at hand. > You should use TPM 2.0 LUKS unlock instead of using passwords. > I knew someone would bring this up: TMP does not protect your drive, as you could boot with "init=/bin/bash 1" . As long as grub can intercept the boot process TPM is off limits. We had a corresponding security discussion in the SYSTEMD HOMED thread, explaining this. I did not bring this up, if TPM solo would be acceptable ;) Best regards, Marius Schwarz _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
