On 06.12.19 at 23:22, Chris Murphy wrote:
> Is it your position that encrypting ~/ alone is not an incremental
> improvement? Are you suggesting it's necessary to assume Fedora
> Workstation users are subject to targeted attacks? And therefore
> install time default must encrypt /, /home, swap? And that this
> targeted attack, that applies to everyone, does not include targeted
> attacks on unencrypted /boot or the bootloader for reasons you refuse
> to elaborate on? And you propose that users should have to opt out of
> this, rather than opt in?

If the drive stays stolen, it no longer matters whether the entire system
got changed or not; you will never see your drive again anyway.

But in the case where your laptop is running and an attacker can manipulate
the OS, the moment you log in again, you have lost everything.
That would not happen if the drive is powered down, as the OS is
untamperable in that moment.

/boot, bootloader and BIOS can be removed by swapping the hw the drive
resides in. As the owner of a device, you will know if someone did it
when you were on the toilet ;) and to make it that hard to trick
someone, /boot, BIOS and bootloader should also be protected :) That
forces the attacker to use a level of effort where it's easier to just shoot
you while the drive is unlocked.

best regards,
Marius