Re: Suggestion: Use a unified kernel image by default in the future.

[Sharpened Blade via devel]

I think using credentials for the rootfs is not very useful, the user already 
enters the LUKS password on boot. Also, if the encryption keys are not stored 
locally, then they have no use, an attacker can just get them from the external 
storage. Many users also would not like needing an attestation service to boot 
either. If the encryption keys need to only be revealed on a trusted boot, then 
it should be stored in the tpm.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure