Improving the offline updates user experience

Lennart Poettering mzerqung at
Wed Oct 22 13:18:52 UTC 2014

On Wed, 22.10.14 14:11, Roberto Ragusa (mail at wrote:

> On 10/21/2014 10:02 PM, Lennart Poettering wrote:
> > Maybe
> > that's actually a strategy to adopt here: upload the encryption keys
> > into the firmware as efi vars, and then pull them out on next boots or
> > so (assuming that efi vars can be marked to survive soft reboots
> > without making them fully persistent...)
> Hmmm, surrendering your encryption keys to the only software
> part which you do not have control on?

The firmware runs at the highest priviliges anyway, it can do whatever
it wants... You don't have to "surrender" you keys to it. If it wants
them it can take them anyway...


Lennart Poettering, Red Hat

More information about the devel mailing list