Hi, Lennart. I read your blog post and there is little I can add regarding encryption/authentication*. However, distributions need to address one more detail, I think. You've mentioned recovery scenarios, but even with an additional set of keys stored securely, there are enough moving parts in FDE that something may go wrong beyond what recovery keys could fix. To help users minimise the risk of data loss distributions should provide backup tools and help configure them securely. This is of course outside of the scope of your original post, but IMHO it is a good moment to mention this. * Well there is one tiny detail. You noted double encryption needs to be avoided in case of home directory images by storing them on a separate partition. Separating /home may be considered a slight inefficiency in storage usage, but using LVM to distribute storage space between the root(+/usr) and /home might help. However, to best of my knowledge (which I will be glad to update) there is no tool to dynamically and automatically manage storage space used by home images. In theory the code is there, but UX of resize2fs(8) and dd(1) is far from satisfying and I am not entirely sure what happens if one truncates (after resize2fs, which will work) a file containing a mounted image. The first solution that comes to my mind is to make systemd-homed resize home filesystem images according to some policy upon locking and unlocking. But it's not perfect as users would need to log out(?) to trigger allocation of more storage should they fill their home directory. Anyway, the post is very interesting and I am looking forward to further developments. -- Miłego dnia, Łukasz Stelmach
Attachment:
signature.asc
Description: PGP signature
