[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Root filesystem encryption update



Peter Jones schrieb:
Thomas Swan wrote:

I think we might be putting the cart before the horse.

I'm *sure* we're putting the cart before the horse -- that's what Jeremy and I have been getting at. It's possible to solve these problems, but there are other things that need to be done before we'll have a good solution. More on that below.

A user would be thawing from hibernation on a machine with an
*existing* installation. Therefore language, and keymaps would have
been chosen (during installation) prior to the hibernate operation.

Yeah, we can definitely store something that's right /some/ of the time. Just be aware that there are lots of corner cases. As an example, I often suspend my laptop before driving to work in the morning. When it resumes, it's in a docking station and there's a different keyboard, with a somewhat different key map.

It's not that getting a password from the user on resume is an intractable problem, but that there are steps to be taken before we can solve it in a way that maintains the level of quality and support expected of Fedora. We've got (some of) the filesystem technology to do this, and that's one piece. Another piece is getting video mode setting into the kernel so we can display the graphics required for non-European languages early on in a cleaner way than e.g. svgalib, without having to pull in all of X. There's work going forward on this.

Point being, it's a complex feature, and a lot of the traffic on the list seems to ignore many aspects of why.



I agree that getting encryption support into the initrd is just one of many pieces,
but it is a first step that can be done now without having to wait for the kernel side even
if it means that some users can't use root FS encryption in their native language at the moment.
But it gives us some time to find bugs and fix them before we put all the pieces together.

  Karsten


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]