Am Dienstag, den 07.04.2020, 22:19 +0200 schrieb Ludovic Courtès: > Ellen Papsch <ellen.pap...@wine-logistix.de> skribis: > > > Sure, but what happens when you reconfigure? You still need to have > that file around so it can be added to the initrd. >
Does it really have to be added to initrd? From my other reply: > These may be dangerous waters. The key file in initrd is like a house > key under the mattress. A malicious process could look in the well > defined place and exfiltrate the key. Think state trojan horses. A > random name would not suffice, because other characteristics may help > identifying the file (i.e. size). > I think* Guix would burden itself too much with secrets. It's > something for the user and the installer should just make it more > convenient, with a nudge to a more secure setup. The key file should > be stored in a user specified location, preferably a pen drive (which > is otherwise not used). It can be removed, so no read can occur by > arbitrary processes. A passphrase should be added as backup. > > (*) as non-guru reconfigure would not have to touch the file at all, if it were a user supplied file name. I'm aware other files are often put in the store by references in operating-system (or inlined). The secrets file on the other hand should just be assumed to be there. Initrd should try to mount the drive. Best regards
