On Thursday, December 5, 2019 3:02:48 PM MST Chris Murphy wrote:
> On Thu, Dec 5, 2019 at 4:03 AM Marius Schwarz <fedoradev(a)cloud-foo.de> wrote:
> > With FDE running and "Suspend-to-disk" selected in your screensaver
> > settings, you get asked for your password on hw wakeup before your
> > system gets back running. If someone wants to use such things, he
> > already can.
> FDE depends on initramfs and plymouth to present the UI for volume
> unlock passphrase. That stack is limited, and presents numerous UI/UX,
> a11y, i18n, and other problems, that must be considered in the
> evaluation to enable it by default. And that is the context, how to
> better secure user data by default. The mandate is not to make it
> perfect. It's to do better.
There is really no UI/UX issue. It just needs to ask for a password for a key
to decrypt. That's it. The UI is limited to either:
1. without Plymouth: A line in a framebuffer asking you to enter a password
2. with Plymouth: A box in the center of your screen that shows circles as you
   enter keys, expecting you to enter a password for a key.
--
John M. Harris, Jr.
Splentity