U-Owen Taylor, umdali we-GNOME Shell kanye nomtapo wezincwadi wePango futhi oyilungu leqembu elisebenzayo le-Fedora for Workstations Development, ubeke phambili uhlelo lokubethela okuzenzakalelayo kokuhlukaniswa kwesistimu kanye nemibhalo yabasebenzisi basekhaya ku-Fedora Workstation. Izinzuzo zokushintshela ekubetheleni ngokuzenzakalelayo zihlanganisa ukuvikelwa kwedatha uma kwenzeka kwebiwa ikhompuyutha ephathekayo, ukuvikelwa ekuhlaselweni kwamadivayisi angagadiwe, nokugcina ubumfihlo nobuqotho ngaphandle kwebhokisi ngaphandle kwesidingo sokukhohlisa okungadingekile.
Ngokuhambisana nohlelo olusalungiswa olulungisiwe, bahlela ukusebenzisa i-Btrfs fscrypt ukuze ibethelwe. Ezingxenyeni zesistimu, okhiye bokubethela bahlelelwe ukugcinwa kumojula ye-TPM futhi basetshenziswe ngokuhambisana namasignesha edijithali asetshenziselwa ukuqinisekisa ubuqotho be-bootloader, i-kernel, ne-initrd (okungukuthi, esigabeni sokuqalisa uhlelo, umsebenzisi ngeke adinge ukufaka iphasiwedi ukuze ukhiphe ukubethela kokwahlukaniswa kwesistimu). Lapho bebhala uhla lwemibhalo lwasekhaya, bahlela ukukhiqiza okhiye ngokusekelwe ekungeneni komsebenzisi nephasiwedi (uhla lwemibhalo lwasekhaya olubethelwe luzoxhunywa lapho umsebenzisi engena ohlelweni).
Isikhathi sokuqalisa sincike ekushintsheni kokusabalalisa kuya esithombeni se-kernel esihlanganisiwe i-UKI (Isithombe Se-kernel Ehlanganisiwe), esihlanganisa kufayela elilodwa isibambi sokulayisha i-kernel ukusuka ku-UEFI (i-UEFI boot stub), isithombe se-Linux kernel kanye nemvelo yesistimu ye-initrd. kulayishwe enkumbulweni. Ngaphandle kokusekelwa kwe-UKI, akunakwenzeka ukuqinisekisa ukungaguquki kokuqukethwe kwendawo ye-initrd, lapho kunqunywa khona okhiye bokukhipha ukubethela kwe-FS (isibonelo, umhlaseli angangena esikhundleni se-initrd futhi alingise isicelo sephasiwedi; ukugwema lokhu, a ukulandwa okuqinisekisiwe kwalo lonke uchungechunge kuyadingeka ngaphambi kokukhweza i-FS).
Ngefomu layo lamanje, isifaki se-Fedora sinenketho yokubethela izingxenye ze-block nge-dm-crypt kusetshenziswa umushwana wokungena ohlukile ongaboshelwe ku-akhawunti yomsebenzisi. Lesi sixazululo sigqamisa izinkinga ezinjengokungafaneleki ukubethela okuhlukene ezinhlelweni zabasebenzisi abaningi, ukuntuleka kokusekelwa kokwenziwa kwamanye amazwe namathuluzi abantu abakhubazekile, amathuba okuhlaselwa nge-spoofing ye-bootloader (i-bootloader efakwe umhlaseli ingenza sengathi i-bootloader yasekuqaleni. futhi ucele igama-mfihlo lokususa ukubethela), isidingo sokusekela i-framebuffer ku-initrd ukuze ucele iphasiwedi.
Source: opennet.ru