Cross posting to OS list and Safety list:
One thing I've been thinking about off and on for a while is what it looks like to protect user data when you can't have full-disk encryption. For example, let's say you have a tablet. If you were to do FDE (full-disk encryption) at boot, how would you enter the password into the dialog? One option is to put the on-screen keyboard and UI code into an initrd so that you could load it early. But the initrd is also unencrypted in the /boot partition, so it too is susceptible to attack (modifications). One way to combat that is to use secure boot (with a TPM) so that you only boot a trusted kernel and initrd that is signed. But you get the same thing by using dm-verity, which keeps a sort of Merkle tree hash for verification and can fail to fault the page in if the checksum does not match. (This is what ChromeOS does.) It sounds like btrfs is working on something similar?

What this means is that while you leak what OS you are running in cleartext, you at least are booting and running what you expect. An acceptable trade-off in my opinion. (Or maybe its seed comes from `cpuid` or something.) Of course, pair this with encrypted home directories that are unlocked by pin/password/etc.

I'm sure most of you already know the above (and I'm just summarizing), but I think this implies the following as necessary:

- User-installed applications need to be stored in the encrypted home directory so that we don't leak information. Why? Think about apps where simply the installation of it gives away sensitive information (sexual orientation, religion, etc.). Simply detecting the installation of the app could compromise someone's safety. I assume this might have some conflicts with the following:
  1) sharing pages on disk
  2) "globally" installed applications (as if this matters anymore?)
I think the idea of globally installed applications is just fine (think LibreOffice), just that it shouldn't be the default in a world where we have a more broad user base and application availability than we do today.

-- Christian
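The dm-verity-style hash tree described above, as an added example that is not part of the original post or of dm-verity's own code: it builds a SHA-256 tree over 4 KiB blocks, verifies one block on page-in against a trusted root hash, and shows that modifying the unencrypted data, or the data together with its stored leaf digest, is detected as long as the root comes from signed boot material. The salt, block count and filler data are constructed, and real dm-verity's zero-padding of hash blocks is omitted.

```python
import hashlib

BLOCK = 4096                            # data and hash block size (dm-verity default)
DIGEST = hashlib.sha256().digest_size   # 32 bytes, so 128 digests fit one hash block
FANOUT = BLOCK // DIGEST

def _chunks(data: bytes, size: int):
    return [data[i:i + size] for i in range(0, len(data), size)]

def build_tree(image: bytes, salt: bytes):
    """Return the tree levels, leaves first; the last level holds the root.
    Simplified versus real dm-verity: hash blocks are not padded to BLOCK."""
    level = [hashlib.sha256(salt + b).digest() for b in _chunks(image, BLOCK)]
    levels = [level]
    while len(level) > 1:
        level = [hashlib.sha256(salt + g).digest() for g in _chunks(b"".join(level), BLOCK)]
        levels.append(level)
    return levels

def verify_block(block: bytes, index: int, levels, root: bytes, salt: bytes) -> bool:
    """Check one data block the way dm-verity does when it is faulted in:
    recompute its digest, then confirm every stored hash block on the path is
    covered by the level above, ending at `root` (the only trusted input)."""
    digest = hashlib.sha256(salt + block).digest()
    for level in levels[:-1]:
        start = (index // FANOUT) * FANOUT
        group = level[start:start + FANOUT]
        if group[index - start] != digest:
            return False
        digest = hashlib.sha256(salt + b"".join(group)).digest()
        index //= FANOUT
    return digest == root

def demo():
    # Constructed sample image: 300 blocks of deterministic filler, no real OS data.
    image = bytes((i * 7) % 256 for i in range(300 * BLOCK))
    salt = b"constructed-salt"
    levels = build_tree(image, salt)
    root = levels[-1][0]    # ships with the signed kernel/initrd, not on the data partition
    blocks = _chunks(image, BLOCK)
    ok_clean = all(verify_block(b, i, levels, root, salt) for i, b in enumerate(blocks))
    # One byte flipped in block 200 of the unencrypted partition: caught at the leaf.
    tampered = bytearray(blocks[200]); tampered[17] ^= 0x01
    caught = not verify_block(bytes(tampered), 200, levels, root, salt)
    # Stored leaf digest rewritten to match as well: still caught, because the hash
    # block holding that digest no longer matches what the level above covers.
    patched = [lvl[:] for lvl in levels]
    patched[0][200] = hashlib.sha256(salt + bytes(tampered)).digest()
    caught_with_tree_edit = not verify_block(bytes(tampered), 200, patched, root, salt)
    return ok_clean, caught, caught_with_tree_edit   # (True, True, True)
```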
