Sharpened Blade via devel <devel@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > It would be stored with permissions for only root to read it, and you disk > should be encrypted, or none of this matters. It doesn't matter if your disk is encrypted. Whilst your computer is online, the contents are accessible. If your kernel memory is accessible through /dev/mem or /dev/kmem, there's a chance that your keys can just be read directly. One of the things secure boot can do is lock down *read* access to your raw memory/kernel virtual memory to make it harder for someone to steal your secrets. It's not a secure as using a TPM ought to be, though. And if you want to keep your key safe, you should really keep it in a removable hardware device. Leaving it on your hard drive, even with perms such that only root can read it isn't necessarily safe enough, sadly. David _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
