Haven’t heard of selfh.st before. Looks nice
INeedMana
- 0 Posts
- 8 Comments
INeedMana@piefed.zip to Linux@lemmy.world • I bought a Linux tablet, and it’s both better and worse than Android • English
1 · 1 day ago
Well, TIL
When Windows users had to switch versions because of TPM I was not paying attention, I run Linux everywhere. Apparently there can be some use of TPM
But then, without a separate stage of encryption (like encrypting /home additionally), the system will just boot up with the data available. It can still be messed with
INeedMana@piefed.zip to Linux@lemmy.world • I bought a Linux tablet, and it’s both better and worse than Android • English
2 · 2 days ago
This is dangerous
Hence my point about why bother at all. Without full encryption one gets leaks. With full encryption some kind of secret is required. Either password (hence that need of keyboard in earlier comment) or a key, etc
In order to not need a secret during boot, critical parts have to be exposed
Theoretically one could also put logs and cache on encrypted volumes. Maybe that could be some solution. I have in the past had /var/logs on separate partition, so it didn’t make / run out of space. Linux had no issue with that. But that still leaves kernel and OS exposed
fully encrypted drive and this chain’s existence makes it easier to know that no one has tampered with my system
The comment I responded to mentioned:
needing to enter a password before the OS boots is a decision that makes Linux kind of awkward to use disk encryption with
I don’t think you are talking about the same setup and vectors. Their point was to not have fully encrypted drive, so it boots without a prompt
INeedMana@piefed.zip to Linux@lemmy.world • I bought a Linux tablet, and it’s both better and worse than Android • English
2 · 2 days ago
OS encryption isn’t that important (verification is)
I don’t think I’ve heard about some boot-time checksum verification of root partition. Doesn’t mean it does not exist, just that I can’t help here
protecting user data
My point is: if OS is not encrypted, it can be modified. And that verification idea, if it is not stored under some encryption, could also be changed. Which means that by the time you put in your password to decrypt your home, you might be already running system that will nullify the protection. Encrypting only your data will only protect you in scenarios when someone snatches your device turned off
INeedMana@piefed.zip to Linux@lemmy.world • I bought a Linux tablet, and it’s both better and worse than Android • English
101 · 3 days ago
If you want the OS to boot before it decrypts your drive, why encrypt it in the first place? Honest question, not an attack. For OS to boot without any password it needs to be booting from unencrypted drive. So the attacker could just put their keyloggers on that drive
read only OS partition to boot and then encrypts your user data partition, can I do that with Linux?
Yes. Just encrypt /home partition only
INeedMana@piefed.zip to Linux@programming.dev • Linux gaming levels up as CachyOS beats Windows 11 in head-to-head tests • English
1 · 17 days ago
That’s how the community plays it. 3 being rather on the low-end of what I’ve heard of
And if you know the game mechanics and play enough you can buy subscription of one month with in-game money
INeedMana@piefed.zip to Linux@programming.dev • Claude Code Found a Linux Vulnerability Hidden for 23 Years • English
1 · 22 days ago
I can’t report because I haven’t validated them yet… I’m not going to send [the Linux kernel maintainers] potential slop
That’s worth pointing out IMO

Thanks 🙂 I added all 3 to my RSS, I’ll see how they flow