Fedora intends to use filesystem encryption by default

Owen Taylor, creator of GNOME Shell and the Pango library and a member of the Fedora Workstation development working group, has put forward a plan for default encryption of system partitions and user home directories in Fedora Workstation. The benefits of switching to encryption by default include protecting data if a laptop is stolen, protecting against attacks on unattended devices, and preserving confidentiality and integrity out of the box without requiring unnecessary manipulation.

According to the draft plan, Btrfs fscrypt is to be used for encryption. For system partitions, the encryption keys are planned to be stored in the TPM module and used together with the digital signatures that verify the integrity of the bootloader, kernel and initrd (i.e., at the system boot stage the user will not need to enter a password to decrypt the system partitions). For home directory encryption, the keys are planned to be generated from the user's login and password (the encrypted home directory will be attached when the user logs in).

The timing of the initiative depends on the distribution's transition to the unified kernel image UKI (Unified Kernel Image), which combines in a single file the handler for loading the kernel from UEFI (UEFI boot stub), the Linux kernel image and the initrd system environment loaded into memory. Without UKI support, it is impossible to guarantee that the contents of the initrd environment, in which the keys for decrypting the filesystem are determined, remain unchanged (for example, an attacker can replace the initrd and simulate a password prompt; to avoid this, a verified boot of the entire chain is required before the filesystem is mounted).
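A simplified model of the TPM and UKI reasoning above, added here as an illustration and not taken from the original article or from Fedora. The `ToyTPM` class, the component names and the treatment of a separate initrd as lying outside the measured chain are assumptions; only the PCR extend formula reflects real TPM behaviour.

```python
import hashlib
import hmac

PCR_SIZE = 32  # size of a SHA-256 PCR bank entry


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure(components) -> bytes:
    """Replay a boot: start from an all-zero PCR and extend each measured component."""
    pcr = bytes(PCR_SIZE)
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


class ToyTPM:
    """Hypothetical stand-in for TPM sealing: the key is released only for the sealed PCR value."""

    def __init__(self):
        self._key = None
        self._policy = None

    def seal(self, key: bytes, expected_pcr: bytes) -> None:
        self._key, self._policy = key, expected_pcr

    def unseal(self, current_pcr: bytes):
        if hmac.compare_digest(current_pcr, self._policy):
            return self._key
        return None


# Constructed sample boot components (placeholders, not real images).
STUB, KERNEL = b"uefi-stub", b"linux-kernel"
INITRD_GOOD, INITRD_EVIL = b"initrd:mount-root", b"initrd:fake-password-prompt"


def boot(initrd: bytes, uki: bool, key: bytes = b"fs-key"):
    """Seal against the known-good boot, then boot with `initrd`; return the key or None."""
    def chain(i):
        # Assumption: a UKI is measured as one file; a separate initrd is not measured at all.
        return [STUB + KERNEL + i] if uki else [STUB, KERNEL]
    tpm = ToyTPM()
    tpm.seal(key, measure(chain(INITRD_GOOD)))
    return tpm.unseal(measure(chain(initrd)))
```

With `uki=True` a replaced initrd changes the measurement and the key stays sealed; with `uki=False` the same replacement is invisible to the policy and the key is still released.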

In its current form, the Fedora installer offers an option to encrypt partitions at the block level using dm-crypt, with a separate passphrase that is not tied to the user account. This solution has several problems: it is unsuitable for separate encryption on multi-user systems; it lacks support for internationalization and for accessibility tools for people with disabilities; it is open to attacks through bootloader spoofing (a bootloader installed by an attacker can pretend to be the original bootloader and request the decryption password); and it requires framebuffer support in the initrd to prompt for the password.

Source: opennet.ru
