On Friday, 05 April 2019 at 10:00, Petr Pisar wrote: [...] > What's the point of encrypting /boot? All the executed bits from /boot > (grub, kernel, and initramdisk) are measured by TPM. Thus if somebody > tampers them, root file system decryption that uses TPM will fail.
Not everyone has a TPM chip in their machine... Regards, Dominik -- Fedora https://getfedora.org | RPM Fusion http://rpmfusion.org There should be a science of discontent. People need hard times and oppression to develop psychic muscles. -- from "Collected Sayings of Muad'Dib" by the Princess Irulan _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
