Message-Id: <D4WQ58T5O21X.CGFKGFKV630K@kernel.org>
Date: Wed, 16 Oct 2024 01:14:22 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Mimi Zohar" <zohar@...ux.ibm.com>, "Roberto Sassu"
<roberto.sassu@...weicloud.com>, <linux-integrity@...r.kernel.org>
Cc: <James.Bottomley@...senPartnership.com>, <roberto.sassu@...wei.com>,
<mapengyu@...il.com>, "David Howells" <dhowells@...hat.com>, "Paul Moore"
<paul@...l-moore.com>, "James Morris" <jmorris@...ei.org>, "Serge E.
Hallyn" <serge@...lyn.com>, "Peter Huewe" <peterhuewe@....de>, "Jason
Gunthorpe" <jgg@...pe.ca>, <keyrings@...r.kernel.org>,
<linux-security-module@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v5 0/5] Lazy flush for the auth session

On Tue Oct 15, 2024 at 11:08 PM EEST, Mimi Zohar wrote:
> > > > since the feature itself is useful objectively, and make sure
> > > > that those fixes bring the wanted results.
>
> The right thing would have been to listen to my concerns when this was initially
> being discussed. The right thing wasn't enabling TCG_TPM2_HMAC by default.

This is debatable, as laptops and desktops with hard drive
encryption do benefit from this. If systemd hadn't added
systemd-cryptenroll I would agree with this. I learned about this
feature two years after its inception in that project, so we needed to
address this as a priority (I did not and will not follow systemd
development proactively, as I don't have time for that).

I feel safer using my laptop with the feature in place at least.

Besides, it is a complicated enough feature that it would have been
impossible to ever land it with "zero glitches". I don't think there is any
rigid "data centers first" rule really, except maybe for those
businesses that run data centers (and I'm not one of those
businesses).

BR, Jarkko