I think using credentials for the rootfs is not very useful, the user already enters the LUKS password on boot. Also, if the encryption keys are not stored locally, then they have no use, an attacker can just get them from the external storage. Many users also would not like needing an attestation service to boot either. If the encryption keys need to only be revealed on a trusted boot, then it should be stored in the tpm. _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
- Re: Suggestion: Use a unified kerne... Sharpened Blade via devel
- Re: Suggestion: Use a unified kerne... Lennart Poettering
- Re: Suggestion: Use a unified k... Demi Marie Obenour
- Re: Suggestion: Use a unif... Lennart Poettering
- Re: Suggestion: Use a unified k... Daniel P . Berrangé
- Re: Suggestion: Use a unif... Lennart Poettering
- Re: Suggestion: Use a unified kernel image by de... Lennart Poettering
- Re: Suggestion: Use a unified kernel image ... Gerd Hoffmann
- Re: Suggestion: Use a unified kernel im... Lennart Poettering
- Re: Suggestion: Use a unified kerne... Gerd Hoffmann
- Re: Suggestion: Use a unified k... Sharpened Blade via devel
- Re: Suggestion: Use a unif... Lennart Poettering
- Re: Suggestion: Use a unified k... Richard W.M. Jones
- Re: Suggestion: Use a unif... Gerd Hoffmann
- Re: Suggestion: Use a unified k... Lennart Poettering
- Re: Suggestion: Use a unif... Gerd Hoffmann
- Re: Suggestion: Use a ... Lennart Poettering
- Re: Suggestion: Use a unified k... Gerd Hoffmann
- Re: Suggestion: Use a unif... Lennart Poettering
- Re: Suggestion: Use a ... Gerd Hoffmann
- Re: Suggestion: Use a unif... Sharpened Blade via devel