Owen Taylor, mahaliccin GNOME Shell da Laburaren Pango kuma memba na Fedora for Workstations Development Actions, ya gabatar da wani shiri don ɓoye ɓoyayyen ɓoyayyen ɓoyayyun tsarin da kundayen adireshi na gida mai amfani a cikin Fedora Workstation. Fa'idodin canzawa zuwa ɓoyewa ta hanyar tsohuwa sun haɗa da kariyar bayanai idan ana satar kwamfutar tafi-da-gidanka, kariya daga hare-hare akan na'urorin da ba a kula da su ba, da kiyaye sirri da amincin daga cikin akwatin ba tare da buƙatar magudin da ba dole ba.
Dangane da daftarin shirin, suna shirin yin amfani da Btrfs fscrypt don ɓoyewa. Don ɓangarori na tsarin, ana shirin adana maɓallan ɓoyewa a cikin tsarin TPM kuma ana amfani da su tare da sa hannu na dijital da ake amfani da su don tabbatar da amincin bootloader, kernel da initrd (watau, a matakin taya na tsarin, mai amfani ba zai buƙaci shigar da shi ba. kalmar sirri don warware sassan tsarin). Lokacin rufaffen kundayen adireshi na gida, ana shirin samar da maɓallai dangane da shigar mai amfani da kalmar sirri (za a haɗa littafin da aka rufaffen gida yayin shiga mai amfani).
Lokaci na yunƙurin ya dogara da sauyawar rarrabawa zuwa haɗewar hoton kwaya UKI (Unified Kernel Image), wanda ya haɗu a cikin fayil ɗaya mai sarrafa don loda kwaya daga UEFI (UEFI boot stub), hoton Linux kernel da yanayin tsarin initrd. loda cikin memory. Ba tare da goyon bayan UKI ba, ba zai yuwu a ba da garantin bambance-bambancen abubuwan da ke cikin mahallin initrd ba, wanda aka ƙayyade maɓallan ɓoye bayanan FS (misali, maharin na iya maye gurbin initrd kuma ya kwaikwayi buƙatar kalmar sirri; don guje wa wannan, a tabbatar da zazzagewar dukkan sarkar ana buƙatar kafin hawa FS).
A cikin tsari na yanzu, mai sakawa Fedora yana da zaɓi don ɓoye ɓangarori a matakin toshe ta amfani da dm-crypt, ta amfani da keɓantaccen kalmar wucewa wanda ba a haɗa shi da asusun mai amfani ba. Wannan bayani yana nuna irin waɗannan matsalolin kamar rashin dacewa don ɓoye ɓoye daban-daban a cikin tsarin masu amfani da yawa, rashin goyon baya ga ƙasashen duniya da kayan aiki ga mutanen da ke da nakasa, yiwuwar kai hare-hare ta hanyar tayar da bootloader (mai amfani da bootloader wanda maharan ya shigar zai iya yin kamar shine ainihin bootloader. da buƙatar kalmar sirri ta ɓoye), buƙatar tallafawa framebuffer a cikin initrd don faɗakar da kalmar sirri.
source: budenet.ru