On Thu, 05.12.19 00:40, Marius Schwarz (fedoradev(a)cloud-foo.de) wrote:

> On 04.12.19 at 02:02, Chris Murphy wrote:
> > Anaconda custom partitioning has a per mount point encryption option.
> > I can LUKS encrypt only the volume mounted at /home. And if I do this,
> If you do this, someone can manipulate your system to trojan horse your
> passwords, when he has physical access to it.
> Full-disk encryption (/boot included) is the only way to protect the
> system itself.
> Anything else is simply not secure.

Uh, first of all plain full disk encryption like we set it up
typically on Fedora provides confidentiality, not integrity. For the
OS image itself you want integrity though, confidentiality is not
needed (after all anyone can download Fedora from the Internet,
everyone knows all the bits and bytes in it anyway, it's inherently
public information, there's zero point in encrypting it).

Unless you combine dm-crypt with dm-integrity (which we currently
generally do not do), or you use dm-verity you are not actually
protecting the OS from undetected modification.

And there's no point in encrypting /boot, because that contains only
public information too. If you want to protect your boot chain, use
something like a complete SecureBoot chain, but that too is something
we currently don't actually support on Fedora. (because initrds are
not verified).

Anyway, figure out your threat model, and figure out how you want to
protect what, and understand that for different parts of the
installation different rules apply. And yes, I think encrypting the
home directory with the user's own password makes most sense.

Lennart
--
Lennart Poettering, Berlin
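
Added example, not part of the original mail and not dm-verity's on-disk format: a simplified hash-tree check of the kind the reply refers to for integrity, where the image and the stored hashes are untrusted and only the root hash is trusted. The block size, the padding rule and the function names are assumptions of this sketch.

```python
import hashlib
import hmac

BLOCK = 4096          # data block size in bytes (assumed for this sketch)
PAD = b"\0" * 32      # stand-in sibling when a level has an odd node count

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(image: bytes) -> list[list[bytes]]:
    """Return hash levels: levels[0] = per-block hashes, levels[-1] = [root]."""
    if not image:
        raise ValueError("empty image")
    level = [_h(image[i:i + BLOCK].ljust(BLOCK, b"\0"))
             for i in range(0, len(image), BLOCK)]
    levels = [level]
    while len(level) > 1:
        level = [_h(level[i] + (level[i + 1] if i + 1 < len(level) else PAD))
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def verify_block(block: bytes, index: int, levels: list[list[bytes]],
                 trusted_root: bytes) -> bool:
    """Recompute the path from one block to the root using the stored
    (untrusted) sibling hashes and compare with the trusted root."""
    if not 0 <= index < len(levels[0]):
        return False
    node = _h(block.ljust(BLOCK, b"\0"))
    for level in levels[:-1]:
        sib = index ^ 1
        sibling = level[sib] if sib < len(level) else PAD
        node = _h(node + sibling) if index % 2 == 0 else _h(sibling + node)
        index //= 2
    return hmac.compare_digest(node, trusted_root)

if __name__ == "__main__":
    # Constructed sample image: five blocks with distinct contents.
    image = b"".join(bytes([i]) * BLOCK for i in range(5))
    levels = build_tree(image)
    root = levels[-1][0]          # the only value that must be kept trusted
    tampered = bytearray(image)
    tampered[3 * BLOCK + 10] ^= 0x01
    bad = bytes(tampered[3 * BLOCK:4 * BLOCK])
    print("clean block 3:", verify_block(image[3 * BLOCK:4 * BLOCK], 3, levels, root))
    print("tampered block 3:", verify_block(bad, 3, levels, root))
    # Rewriting the stored hashes as well does not help without the root.
    print("tampered + forged tree:",
          verify_block(bad, 3, build_tree(bytes(tampered)), root))
```

The root hash has to come from somewhere the person with disk access cannot rewrite, which is the role the mail assigns to a verified boot chain.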