On Thursday, December 5, 2019 2:56:22 AM MST Lennart Poettering wrote:
> Uh, first of all plain full disk encryption like we set it up
> typically on Fedora provides confidentiality, not integrity. For the
> OS image itself you want integrity though, confidentiality is not
> needed (after all anyone can download Fedora from the Internet,
> everyone knows all the bits and bytes in it anyway, it's inherently
> public information, there's zero point in encrypting it).

I have to disagree. The system itself is not just the list of packages
installed, but can certainly include software that an individual or company
wrote themselves or purchased, and do not wish to lose to a breach. This also
includes global configuration files, which may include, for example, a VPN
configuration, network configuration and so on.

> Unless you combine dm-crypt with dm-integrity (which we currently
> generally do not do), or you use dm-verity you are not actually
> protecting the OS from undetected modification.

Well, you are, in that the average attacker has to break or steal a key to
decrypt the drive first. Sure, it wouldn't stop a sophisticated attack.

> And there's no point in encrypting /boot, because that contains only
> public information too. If you want to protect your boot chain, use
> something like a complete SecureBoot chain, but that too is something
> we currently don't actually support on Fedora. (because initrds are
> not verified).

This is not generally true either. Encrypting /boot helps to ensure that /boot
is not modified, and is generally paired with GRUB signature validation. In
some setups, this GRUB configuration is moved to flash storage.

> Anyway, figure out your threat model, and figure out how you want to
> protect what, and understand that for different parts of the
> installation different rules apply.

I don't believe this is the case, as specified above.

> And yes, I think encrypting the home directory with the user's own
> password makes most sense.

I suppose that's a good *start*, where users wouldn't use encryption
otherwise.
--
John M. Harris, Jr.
Splentity
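
Added example (not part of the original message, and not dm-verity's actual on-disk format): a simplified binary hash tree in the style of the dm-verity approach mentioned in the quoted text, showing how a trusted root hash detects offline modification of an unencrypted image even when the stored hashes are rewritten too. The block size, function names and sample image are assumptions made for illustration.

```python
import hashlib
import hmac

BLOCK = 4096  # data block size for this sketch (assumption)

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(image: bytes) -> list:
    """Hash every block, then hash pairs upward; levels[-1][0] is the root."""
    level = [h(image[i:i + BLOCK]) for i in range(0, len(image), BLOCK)]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:  # pad odd levels by repeating the last hash
            level = level + [level[-1]]
            levels[-1] = level
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def read_verified(image: bytes, levels: list, trusted_root: bytes, index: int) -> bytes:
    """Return block `index` only if its hash path leads to the trusted root.

    `image` and `levels` are untrusted (both live on the disk); only
    `trusted_root` is assumed to be kept somewhere an attacker cannot write."""
    block = image[index * BLOCK:(index + 1) * BLOCK]
    node = h(block)
    for level in levels[:-1]:
        sibling = level[index ^ 1]
        node = h(node + sibling) if index % 2 == 0 else h(sibling + node)
        index //= 2
    if not hmac.compare_digest(node, trusted_root):
        raise ValueError("block does not match trusted root hash")
    return block

def verifies(image: bytes, levels: list, trusted_root: bytes, index: int) -> bool:
    try:
        read_verified(image, levels, trusted_root, index)
        return True
    except ValueError:
        return False

# Constructed sample: a 5-block image, and a copy with one byte of block 3 changed.
IMAGE = b"".join(bytes([n]) * BLOCK for n in range(5))
LEVELS = build_levels(IMAGE)
ROOT = LEVELS[-1][0]
TAMPERED = IMAGE[:3 * BLOCK] + b"\xff" + IMAGE[3 * BLOCK + 1:]

if __name__ == "__main__":
    print("clean block 3:", verifies(IMAGE, LEVELS, ROOT, 3))
    print("tampered block 3:", verifies(TAMPERED, LEVELS, ROOT, 3))
    print("tampered + rewritten tree:", verifies(TAMPERED, build_levels(TAMPERED), ROOT, 3))
```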