On Mo, 04.07.22 19:27, Fedora Development ML (devel(a)lists.fedoraproject.org) wrote:
I think using credentials for the rootfs is not very useful, the
user already enters the LUKS password on boot.
I can't parse this.
the systemd credentials stuff are not just for passing secrets or
so. They can be used for any kind of config option. And they are not
just encrypted but also authenticated. That means we can use them to
pass root device info (i.e. a string like /dev/disk/by-uuid/…) in. For
that the encryption doesn't matter, but the authentication does, as we
can use the info safely after authentication, since we know it was
encoded by someone who had the permission to do so.
Lennart
--
Lennart Poettering, Berlin