Fedora is considering using filesystem encryption by default

Owen Taylor, creator of GNOME Shell and the Pango library and a member of the Fedora Workstation development working group, has put forward a plan for encrypting the system partitions and user home directories in Fedora Workstation. The benefits of switching to encryption by default include protecting data if a laptop is stolen, protecting against attacks on unattended devices, and preserving confidentiality and integrity out of the box without the need for unnecessary manipulation.

According to the prepared draft plan, Btrfs fscrypt is to be used for encryption. For system partitions, the encryption keys are planned to be stored in the TPM module and used together with the digital signatures that verify the integrity of the bootloader, kernel and initrd (that is, at the system boot stage the user will not need to enter a password to decrypt the system partitions). When encrypting home directories, the keys are planned to be generated from the user's login and password (the encrypted home directory will be mounted when the user logs in).

The timing of the initiative depends on the distribution's transition to the unified kernel image UKI (Unified Kernel Image), which combines in one file the handler for loading the kernel from UEFI (UEFI boot stub), the Linux kernel image and the initrd system environment that is loaded into memory. Without UKI support, it is impossible to guarantee the integrity of the contents of the initrd environment, in which the keys for decrypting the FS are determined (for example, an attacker can replace the initrd and simulate a password request; to prevent this, a verified boot of the entire chain is required before the FS is mounted).
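The reasoning above can be made concrete with a simplified model, added here as an illustration and not taken from the article or from Fedora's code. It assumes hash-based TPM measurements (PCR extend) in place of the signature checks the article mentions; `ToyTPM`, `split_boot`, `uki_boot` and all blobs are constructed names and sample data.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style PCR extend: new = SHA-256(old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(components) -> bytes:
    """Fold every measured boot component, in order, into one PCR value."""
    pcr = bytes(32)  # PCRs start at all zeros after reset
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class ToyTPM:
    """Simplified model (assumption): the key is released only when the
    current PCR equals the value recorded when the key was sealed."""
    def seal(self, key: bytes, expected_pcr: bytes) -> None:
        self._key, self._expected = key, expected_pcr

    def unseal(self, current_pcr: bytes):
        ok = hmac.compare_digest(current_pcr, self._expected)
        return self._key if ok else None

# Constructed sample blobs standing in for real boot components.
BOOTLOADER, STUB, KERNEL = b"bootloader-v1", b"uefi-stub-v1", b"vmlinuz-v1"
INITRD = b"initrd-v1"
FAKE_INITRD = b"initrd-v1+fake-password-prompt"
DISK_KEY = bytes(range(32))

def split_boot(initrd: bytes):
    """Initrd is a separate file outside the measured chain."""
    tpm = ToyTPM()
    tpm.seal(DISK_KEY, measure([BOOTLOADER, KERNEL]))
    # The initrd argument never reaches measure(): swapping it goes unnoticed.
    return tpm.unseal(measure([BOOTLOADER, KERNEL]))

def uki_boot(initrd: bytes):
    """Stub, kernel and initrd form one image that is measured as a whole."""
    tpm = ToyTPM()
    tpm.seal(DISK_KEY, measure([BOOTLOADER, STUB + KERNEL + INITRD]))
    return tpm.unseal(measure([BOOTLOADER, STUB + KERNEL + initrd]))

if __name__ == "__main__":
    print("split, replaced initrd:", split_boot(FAKE_INITRD) is not None)
    print("UKI, original initrd:  ", uki_boot(INITRD) is not None)
    print("UKI, replaced initrd:  ", uki_boot(FAKE_INITRD) is not None)
```

In the split layout the key is still released after the initrd is replaced, while in the single-image layout the same replacement changes the measurement and the key stays sealed.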

In its current form, the Fedora installer has an option to encrypt partitions at the block level using dm-crypt, with a separate passphrase that is not tied to the user account. This solution raises problems such as unsuitability for separate encryption on multi-user systems, lack of support for internationalization and for tools for people with disabilities, the possibility of attacks through bootloader spoofing (a bootloader installed by an attacker can pretend to be the original bootloader and request the decryption password), and the need to support a framebuffer in the initrd to prompt for the password.

Source: opennet.ru
