Hi all, Change author here. I think that everything is on-track now. Sorry I hadn't seen any of these messages before, there's a newer post over here (https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/L64OGN7XWO7VQEUDKFB3IJ2HYUFTSPFA/) and I hadn't realised that this had been active. I've posted two scripts over there too. I'd appreciate any feedback on them.
Chris, The only system for automatic decryption with a TPM that I know of is clevis, which operates in the initramfs for both LUKS1 and LUKS2. I mention it in the change proposal as a recommendation, but it is by no means a requirement. Petr, While you are correct, I'd rather attempt to prevent tampering and also set-up a system through which to detect any. Besides, this change proposal is simply meant to offer security-minded users options that weren't available to them before. Benjamin _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
