Am 06.12.19 um 21:04 schrieb Chris Murphy: > swap being compromised. Case 2 is present day Fedora "full disk > encryption" which does not lock down the bootloader, /boot volume is > not encrypted, and thus the initramfs is vulnerable to a targeted > attack which could be used to deploy a key logger or whatever you're > worried about in Case 1.
Not encrypting /boot may be the default in the installer, but does not mean, you can't go the full way. You can simply activate /boot/ encryption. Grub will ask you for your luks password while booting. But pls see the other message, I won't repeat myself. But your right, It really depends on the threadmodel you wanne counter. My point is, make it as hard as possible, otherwise you way just think, your safe, when your not. sincerly, Marius _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
