Encryption muFedora inotarisirwa semhinduro yekuchengetedza kumushandisi
Mazuva mashoma apfuura nyaya yakabuda kuti Owen Taylor, mugadziri weGNOME Shell uye Pango raibhurari, uye nhengo yeFedora Workstation Development Working Group, yakaratidza chirongwa che encrypt system partitions uye madhairekitori emusha evashandisi nekusarudzika muFedora Workstation.
Zvakanakira kuchinja kune encryption by default sanganisira kuchengetedza data kana laptop yabiwa, kudzivirira kubva pakurwiswa kwemidziyo akasiiwa asina anotarisira, achichengeta zvakavanzika uye kuvimbika pasina kudiwa kwemaitiro asina basa.
Kwenguva yakati rebei, Workstations Working Group yanga iine zvikumbiro zvakavhurika zvekuvandudza mamiriro ekunyorera muFedora, uye kunyanya kuti usvike padanho rekuti iwe unogona kuve neiyo yekuisa encrypt masisitimu nekutadza. Kuti ndienderere mberi, ndanga ndichishanda pagwaro rezvinodiwa uye hurongwa hwekunyora.
Muchidimbu chipfupi, chirongwa ndechekuti: Shandisa iri kuuya btrfs fscrypt tsigiro ye encrypt system uye madhairekitori epamba. Iyo sisitimu ichave yakavharidzirwa nekusarudzika nekiyi encryption yakachengetwa muTPM uye yakabatanidzwa kune masiginecha anoshandiswa kusaina bootloader/kernel/initrd, ichipa dziviriro kubva mukukanganisa, nepo madhairekitori epamba achizovharirwa uchishandisa password mushandisi login.
Zvinoenderana nehurongwa hwekunyorwa gadzirira, vanoronga kushandisa Btrfs fscrypt ye encryption. Kune masystem partitions, makiyi encryption achachengetwa muTPM module uye ivo vachashandiswa pamwe chete nemasiginecha edhijitari kuratidza kutendeseka kweiyo bootloader, kernel uye initrd (kureva kuti, padanho rekutanga system, mushandisi haazodi kuisa password kuti adecrypt system partitions).
Paunenge uchivharidzira madhairekitori epamba, makiyi anorongwa kuti agadzirwe zvichibva pazita remushandisi uye password (iyo yakavharidzirwa dhairekitori repamba richabatanidzwa kana mushandisi apinda muhurongwa).
Nguva yekushandisa kwekutanga zvinoenderana neshanduko kubva kugovera kit kuenda kune yakabatana kernel mufananidzo UK (Unified Kernel Image), iyo inosanganisa mutyairi wekurodha kernel kubva kuUEFI (UEFI Boot Stub), iyo Linux kernel mufananidzo uye initrd system nharaunda yakaiswa mundangariro mufaira.
Pasina tsigiro yeUKI, hazvigoneke kuvimbisa kusapindirana kwezviri mukati meiyo initrd nharaunda, umo makiyi ekubvisa iyo FS anotemerwa (semuenzaniso, anorwisa anogona kushandura initrd uye kutevedzera chikumbiro chepassword, kudzivirira izvi, zvakasimbiswa. zvinodikanwa kurodha ketani yese usati waisa FS).
Mune chimiro chayo chazvino, iyo Fedora inosimudzira ine sarudzo yekuvhara zvikamu padanho rekuvhara ne dm-crypt uchishandisa yakasarudzika passphrase isina kusungirirwa kuaccount yemushandisi.
Chikumbiro ichi chinomiririra shanduko huru kubva pakuva Yakachengeteka Boot sechimwe chinhu chatinoisa simba rakawanda machiri, asi hachinyatsoita zvakawanda, kune chimwe chinhu chatinovimba nacho zvakanyanya kuti tipe imwezve chengetedzo yemushandisi.
Ndingada kunzwa, pakati pezvimwe zvinhu: * Pane here zvinodiwa izvo gwaro haritore? * Pane kumwe kutyisidzira kwatinofanira kuedza kugadzirisa here? …
Iyi gadziriso inonongedza nyaya dzakadai sekusakodzera kuvharirwa kwakasiyana pane akawanda-mushandisi masisitimu, kushaikwa kwerutsigiro rwekudyidzana nedzimwe nyika uye maturusi evanhu vakaremara, mukana wekurwiswa kuburikidza nebootloader substitution (bootloader yakaiswa neanorwisa inogona kunyepedzera kunge ndiyo yekutanga bootloader. uye kukumbira decryption password), kukosha kwekutsigira framebuffer muinitrd kukumbira password.
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo Mune inotevera chinongedzo.