On 12/12/19 6:56 AM, Marius Schwarz wrote:
> On the other hand, as Android is capable of FDE, they must have made
> some important changes that can be of use here.

Right, because Android has full control of the entire boot process, so they only need the user input at the end where all the moving pieces are in place. I think bulletproofing the boot process is the right approach for Linux as well---but it's hard because the PC platform interface between the firmware (BIOS/UEFI) and the OS is brittle, variable and poorly defined---and if you really lock it up, inevitably someone will get locked out from repairing their system.

Note that ~/ encryption is actually a nice compromise: the boot/OS environment needs integrity more than confidentiality, and maybe could be more maintainable if left unencrypted, while the $HOME would be kept encrypted and confidential.

If you can't rely on an uninterruptible boot, you need i18n support early on, and there are only two possibilities: either use whatever the platform firmware provides (I think that's what you refer to when you talk about MS OSK BIOS support), or you arrange for the OS i18n support to be available early enough. The reality of the PC platform is that in general we can't rely on the BIOS support.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org