Re: Seeking advice re: CVE-2019-13179 (insecure permissions for initramfs)

To: debian-devel@lists.debian.org
Subject: Re: Seeking advice re: CVE-2019-13179 (insecure permissions for initramfs)
From: Andrey Rahmatullin <wrar@debian.org>
Date: Wed, 3 Jul 2019 18:07:41 +0500
Message-id: <[🔎] 20190703130741.GF1715@belkar.wrar.name>
In-reply-to: <[🔎] tslzhlvz32p.fsf@suchdamage.org>
References: <[🔎] 2512d87a-f733-1138-db59-ae96779cff67@debian.org> <[🔎] tslzhlvz32p.fsf@suchdamage.org>

On Wed, Jul 03, 2019 at 08:59:26AM -0400, Sam Hartman wrote:
> The rationale is that on systems with full disk encryption the initramfs
> probably isn't encrypted
> 
> I personally think sticking your full disk encryption keys onto the
> initramfs doesn't have a lot of value. 
These two things are linked, actually.
You put the encryption key into initramfs, put initramfs on the encrypted
partition and get real full disk encryption while entering the passphrase
on boot only once.

-- 
WBR, wRAR

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Seeking advice re: CVE-2019-13179 (insecure permissions for initramfs)
  - From: Jonathan Carter <jcc@debian.org>
- Re: Seeking advice re: CVE-2019-13179 (insecure permissions for initramfs)
  - From: Sam Hartman <hartmans@debian.org>

Prev by Date: Re: Seeking advice re: CVE-2019-13179 (insecure permissions for initramfs)
Next by Date: Re: dgit advocacy again (Re: Survey results: git packaging practices / repository format)
Previous by thread: Re: Seeking advice re: CVE-2019-13179 (insecure permissions for initramfs)
Next by thread: W związku ze zleceniem
Index(es):
- Date
- Thread