Mailinglist Archive: opensuse-factory (355 mails)

Re: [opensuse-factory] Will openSUSE adopt systemd-homed?
  • From: Axel Braun <axel.braun@xxxxxx>
  • Date: Wed, 18 Mar 2020 10:00:09 +0100
  • Message-id: <7930342.uiFy7tSfbu@t520.axxite.internal>
On Wednesday, 18 March 2020, 09:31:01 CET, Ludwig Nussel wrote:
On 17.03.20 at 20:57, Axel Braun wrote:
[...]
I never got why to encrypt just disk when there is a bunch of data leaking
via /tmp.

https://bugzilla.opensuse.org/show_bug.cgi?id=1166005 is a good reason
to just encrypt /home

You can put /boot back on a separate partition. That way you still
have everything except kernel and initrd encrypted so accidental
data leak via tmp or swap is still prevented. There was a decision in
an unfortunately private SLE feature request some years ago
(https://fate.suse.com/320215) to ignore the inconveniences of /boot
on / in favor of working snapshots unfortunately.

As Neil Rickert pointed out in between in the above bug report, /boot on a
separate (unencrypted) partition is not recommended together with btrfs.
So it looks like one can have an encrypted root partition AND btrfs AND 20s
get-the-coffee time on each boot, or separate /boot, encrypted root w/o btrfs
(and rollback) and a quick boot time.
Considering the fact that booting happens only every couple of days, this might
still be acceptable.

Cheers
Axel

