On Sun, Mar 8, 2020 at 14:18, Chris Murphy
On Sun, Mar 8, 2020 at 12:49 PM Christian Boltz
wrote: This is somewhat similar to the discussion if you really need to encrypt the root partition, or if encrypting /home is good enough. IMHO it isn't, because for example files in /tmp/ can also contain sensitive data which you don't want to have unencrypted. For example, when you click a PDF attached to a mail in KMail, it will get stored in /tmp/ before it gets opened.
/tmp really should be on tmpfs.
The UI/UX of asking the user for two passphrases (boot separate from login) is not acceptable. And further, neither the GRUB nor initramfs environments are sufficiently sophisticated to support i18n, and a11y needs properly. Piecemeal effort here and there to only enhance the security of English language users, and users who restrict their passphrases to ASCII, is just not a modern solution.
Plymouth actually supports translating the boot screen, so I don't see why that couldn't be extended to the password prompt it can create. As for a11n, we have gfxboot which does tts basically in grub. I would say both i18n and a11y are possible very early in the boot process, we just don't see much development in that front. The main issue in my eyes is that with boot stuff we are stuck in the 90s. When Windows bootloader and UEFI can utilize mice connected to basically every desktop computer (not to mention a11y and i18n), we are here attempting to be as backwards compatible as possible, which while great, ignores the possibilities the current technologies actually give us. GRUB2 works great for servers and pre-UEFI machines, can't we really have something else on the desktop? Something that is capable of providing us mouse/touch input methods, a11n features, and a language/keyboard selector. LCP [Stasiek] https://lcp.world -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org