Chris Murphy wrote:
I'm not sure how people are worried about trojans being injected into
an unencrypted root, while also not at all concerned about bootloader
malware, or malware injected into the initramfs or the hibernation
image - which upon resume replaces everything in RAM in favor of
what's in the image.
The bootloader itself getting attacked is a concern, but for the initramfs,
encrypting /boot is actually a solved problem; Anaconda just needs to
support it. (That said, it means that you have to type the passphrase into
GRUB, so you are stuck with its limited input capabilities.)
The alternative, to put a fine point on it, would mean creating some small
subset of the entire GNOME stack to stuff into the initramfs in order to
provide input, keymapping, and UI to have the minimum a11y function and
i18n expectations. That's a tough sell.
IMHO, Qt for the LinuxFB (fbdev) or EGLFS (if you really need OpenGL)
platform would be a much better fit for this purpose than the GNOME stack,
if you really think we cannot do without the convenience of a GUI toolkit
for a passphrase prompt on bootup. (That said, this approach precludes
encrypting /boot, unfortunately.)
Kevin Kofler