fedora-silverblue / issue-tracker

Fedora Silverblue issue tracker
https://fedoraproject.org/atomic-desktops/silverblue/

Upgrade LUKS key derivation function on (major?) updates #455

Open travier opened 1 year ago

travier commented 1 year ago

Is your feature request related to a problem? Please describe.

Older key derivation functions are considered insecure and we should try to make sure that LUKS encrypted disks get their keys automatically updated on update.

See https://mjg59.dreamwidth.org/66429.html

This is particularly of interest for Silverblue/Kinoite/Sericea as this is a common LUKS encrypted disk setup with a password on laptops.

This will only work for LUKS setups where we can guarantee that we can re-enter the key of all keyslots or that we can ask the user to re-enter all keys.

It might be really hard to do non-interactively on Silverblue. Documentation might be the best option.

See discussion for FCOS: https://github.com/coreos/fedora-coreos-tracker/issues/1474
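An audit step for the problem this issue describes, as an added example that is not part of the issue or of any Fedora tooling: it parses the text printed by `cryptsetup luksDump` and reports which keyslots still use an older KDF. It assumes the older KDF is PBKDF2 and the usual luksDump layout; the function names and the sample dump are constructed for illustration.

```python
import re

# Constructed, trimmed sample of `cryptsetup luksDump` output (not a real device).
SAMPLE_LUKS2 = """\
LUKS header information
Version:        2

Keyslots:
  0: luks2
\tKey:        512 bits
\tPBKDF:      pbkdf2
\tHash:       sha256
  1: luks2
\tKey:        512 bits
\tPBKDF:      argon2id
\tMemory:     1048576
Tokens:
Digests:
  0: pbkdf2
\tHash:       sha256
"""

def keyslot_kdfs(dump):
    """Return {keyslot number: KDF name} parsed from luksDump text."""
    version = re.search(r"^Version:\s*(\d+)", dump, re.M)
    if version and version.group(1) == "1":
        # LUKS1 headers only support PBKDF2; active slots read "Key Slot N: ENABLED".
        enabled = re.findall(r"^Key Slot (\d+): ENABLED", dump, re.M)
        return {int(n): "pbkdf2" for n in enabled}
    slots, section, current = {}, None, None
    for line in dump.splitlines():
        if line and not line[0].isspace():
            # Top-level header such as "Keyslots:" or "Digests:".
            section, current = line.strip().rstrip(":"), None
            continue
        if section != "Keyslots":
            continue  # the "0: pbkdf2" under Digests is not a keyslot KDF
        slot = re.match(r"\s+(\d+):\s+\S+", line)
        kdf = re.match(r"\s+PBKDF:\s*(\S+)", line)
        if slot:
            current = int(slot.group(1))
        elif kdf and current is not None:
            slots[current] = kdf.group(1)
    return slots

def slots_needing_upgrade(dump, weak=("pbkdf2",)):
    """Keyslots whose KDF is in `weak` (assumed here to be PBKDF2)."""
    return sorted(n for n, kdf in keyslot_kdfs(dump).items() if kdf in weak)

if __name__ == "__main__":
    print(keyslot_kdfs(SAMPLE_LUKS2), slots_needing_upgrade(SAMPLE_LUKS2))
```

Every slot it reports needs its own passphrase re-entered to be converted, which is the constraint the issue raises about doing this non-interactively.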

nekohayo commented 7 months ago

Is there a corresponding ticket for non-Silverblue Fedora Workstation somewhere?