Am 19.03.20 um 20:57 schrieb John M. Harris Jr:
>
> If you're drawing a direct comparison to the Fedora boot process from the
> Windows process, the point at which Windows is presenting an OSK is about at
> the point after which initrd is loaded in the Fedora boot process. It's not
> happening
On Fri, Mar 20, 2020 at 1:50 AM Petr Pisar wrote:
>
> On Thu, Mar 19, 2020 at 12:59:01PM -0600, Chris Murphy wrote:
> > On Thu, Mar 19, 2020 at 11:53 AM Marius Schwarz
> > wrote:
> > >
> > > Am 19.03.20 um 17:11 schrieb Michael Cronenworth:
> > > > On 3/19/20 11:04 AM, Marius Schwarz wrote:
> >
On Thu, Mar 19, 2020 at 06:52:52PM +0100, Marius Schwarz wrote:
> Am 19.03.20 um 17:11 schrieb Michael Cronenworth:
> > On 3/19/20 11:04 AM, Marius Schwarz wrote:
> >> correct and thats the main issue, as long you have grub where you can
> >> edit the kernel line to start in runlevel 1.
> >> This
On Thu, Mar 19, 2020 at 12:59:01PM -0600, Chris Murphy wrote:
> On Thu, Mar 19, 2020 at 11:53 AM Marius Schwarz
> wrote:
> >
> > Am 19.03.20 um 17:11 schrieb Michael Cronenworth:
> > > On 3/19/20 11:04 AM, Marius Schwarz wrote:
> > >> correct and thats the main issue, as long you have grub where
On Thursday, 19 March 2020 at 19:59, Chris Murphy wrote:
[...]
> I think what you'd want for the stolen laptop use case is an encrypted
> $BOOT, which GRUB does support:
>
> The first grub.cfg is unencrypted, and provides strictly for unlocking
> a LUKS1 (no LUKS2 support yet) $BOOT volume, and
On Saturday, March 14, 2020 5:05:11 AM MST Marius Schwarz wrote:
> Hi all,
>
> bevor we start, it is a VERY VERY SPECIAL situation i will talk about
> now. It could get fixed by a UNUSUAL approach.
>
> The device we talk about as an example is the SURFACE PRO Tablet Series
> from Microsoft WITH
On Monday, March 16, 2020 2:15:34 AM MST Marius Schwarz wrote:
> Am 16.03.20 um 09:15 schrieb Tomasz Torcz:
>
> >> I knew someone would bring this up: TMP does not protect your drive,
> >> as you could boot with "init=/bin/bash 1" .
> >>
> >How do you do that WITHOUT KEYBOARD? This
On Thu, Mar 19, 2020 at 11:53 AM Marius Schwarz wrote:
>
> Am 19.03.20 um 17:11 schrieb Michael Cronenworth:
> > On 3/19/20 11:04 AM, Marius Schwarz wrote:
> >> correct and thats the main issue, as long you have grub where you can
> >> edit the kernel line to start in runlevel 1.
> >> This makes
Am 19.03.20 um 17:11 schrieb Michael Cronenworth:
> On 3/19/20 11:04 AM, Marius Schwarz wrote:
>> correct and thats the main issue, as long you have grub where you can
>> edit the kernel line to start in runlevel 1.
>> This makes the encryption null and void.
>
> Adding a grub password will
On 3/19/20 11:04 AM, Marius Schwarz wrote:
correct and thats the main issue, as long you have grub where you can
edit the kernel line to start in runlevel 1.
This makes the encryption null and void.
Adding a grub password will prevent those without it from editing your boot
parameters. By
On Thu, Mar 19, 2020 at 05:04:36PM +0100, Marius Schwarz wrote:
> Am 19.03.20 um 15:52 schrieb Momčilo Medić:
> >
> > I'm not familiar with TPM chips, but from what I read here it sounds
> > like there would be no password prompt and anyone would be able to boot
> > the device, no?
> >
> >
>
>
Am 19.03.20 um 15:52 schrieb Momčilo Medić:
>
> I'm not familiar with TPM chips, but from what I read here it sounds
> like there would be no password prompt and anyone would be able to boot
> the device, no?
>
>
correct and thats the main issue, as long you have grub where you can
edit the
On Mon, 2020-03-16 at 14:13 -0400, Stephen John Smoogen wrote:
>
>
> On Mon, 16 Mar 2020 at 13:56, Robbie Harwood
> wrote:
> > Tomasz Torcz writes:
> >
> > > On Sun, Mar 15, 2020 at 11:12:43PM +0100, Marius Schwarz wrote:
> > >> Am 15.03.20 um 13:32 schrieb Vitaly Zaitsev via devel:
> > >> >
On Mon, 16 Mar 2020 at 13:56, Robbie Harwood wrote:
> Tomasz Torcz writes:
>
> > On Sun, Mar 15, 2020 at 11:12:43PM +0100, Marius Schwarz wrote:
> >> Am 15.03.20 um 13:32 schrieb Vitaly Zaitsev via devel:
> >> > On 14.03.2020 13:05, Marius Schwarz wrote:
> >> >> If you encrypt the fedora ( or
Tomasz Torcz writes:
> On Sun, Mar 15, 2020 at 11:12:43PM +0100, Marius Schwarz wrote:
>> Am 15.03.20 um 13:32 schrieb Vitaly Zaitsev via devel:
>> > On 14.03.2020 13:05, Marius Schwarz wrote:
>> >> If you encrypt the fedora ( or any ) installation with luks, as
>> >> security of a mobile
Am 16.03.20 um 09:15 schrieb Tomasz Torcz:
>> I knew someone would bring this up: TMP does not protect your drive,
>> as you could boot with "init=/bin/bash 1" .
>How do you do that WITHOUT KEYBOARD? This thread is about very
> specific situation, please do not forget that when
On Sun, Mar 15, 2020 at 11:12:43PM +0100, Marius Schwarz wrote:
> Am 15.03.20 um 13:32 schrieb Vitaly Zaitsev via devel:
> > On 14.03.2020 13:05, Marius Schwarz wrote:
> >> If you encrypt the fedora ( or any ) installation with luks, as
> >> security of a mobile device indicates, you end up
On 15.03.2020 23:12, Marius Schwarz wrote:
> I knew someone would bring this up: TMP does not protect your drive,
> as you could boot with "init=/bin/bash 1"
You should enable UEFI Secure Boot, create your CA, install systemd-boot
and sign it with your CA.
TPM 2.0 protect full boot chain using
Am 15.03.20 um 13:32 schrieb Vitaly Zaitsev via devel:
> On 14.03.2020 13:05, Marius Schwarz wrote:
>> If you encrypt the fedora ( or any ) installation with luks, as
>> security of a mobile device indicates, you end up without the
>> possibility to enter the password, when you do not have an
On 14.03.2020 13:05, Marius Schwarz wrote:
> If you encrypt the fedora ( or any ) installation with luks, as
> security of a mobile device indicates, you end up without the
> possibility to enter the password, when you do not have an in/external
> keyboard at hand.
You should use TPM 2.0 LUKS
On la, 14 maalis 2020, Marius Schwarz wrote:
Hi all,
bevor we start, it is a VERY VERY SPECIAL situation i will talk about
now. It could get fixed by a UNUSUAL approach.
The device we talk about as an example is the SURFACE PRO Tablet Series
from Microsoft WITH a LUKS encrypted installation on
21 matches
Mail list logo