Hello,
"Authenticated Boot and Disk Encryption on Linux" [1] suggests to "make
/home/ its own dm-integrity volume with a HMAC, keyed by the TPM" when
using systemd-homed for user home directories.
I'd like to try that but… how? I can use systemd-cryptenroll to make an
encrypted volume with a TPM
Hi, Lennart.
I read your blog post and there is little I can add regarding
encryption/authentication*. However, distributions need to address one
more detail, I think. You've mentioned recovery scenarios, but even with
an additional set of keys stored securely, there are enough moving parts
in
On Wed, 2021-09-15 at 16:06 +0100, Luca Boccassi wrote:
> On Tue, 2021-09-14 at 13:36 +0200, Lennart Poettering wrote:
> > Heya!
> >
> > Some of the systemd developers have been discussing switching
> > systemd's crypto libraries to be exclusively OpenSSL 3.0, and drop
> > support for older
Hi Lennart,
Please help me understand how the journald is figuring out the PID of the
log line. I believe, with the PID, the journald is able to get the
remaining details (process name) from proc fs. I wonder how the journal is
able to get the PID of the log contributor as there can be many
On Mi, 29.09.21 12:47, Leon Fauster (leonfaus...@googlemail.com) wrote:
> > Encryption is not authentication.
> >
> > Not sure why you would encrypt your boot loader though? The boot
> > loader code is hardly a secret, is it? It's the same for everyone and
> > open source.
> >
> > And with which
On 28.09.21 23:13, Lennart Poettering wrote:
On Di, 28.09.21 19:44, Leon Fauster (leonfaus...@googlemail.com) wrote:
Hello Lennart, corresponding to your last post about FDE:
On an EFI system - would an encrypted "/boot" or /boot on
an encrypted "/" filesystem eliminate the mentioned main
Hi Lennart,
That's a good idea but still I would like to have the prefix as it is in
the journal. I understand it is impossible to bypass the journal and
expect the direct logging to be the same as journal entries. We can achieve
it through socket but still we cannot have the luxurious prefix as