From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Alex Griffin" <a@ajgrf.com>
Subject: Re: Unencrypted boot with encrypted root
Date: Wed, 08 Apr 2020 15:07:35 +0000
Message-ID: <cee81f39-c46c-4370-9474-337acaacaed5@www.fastmail.com>
References: <87ftdmi7pp.fsf@ambrevar.xyz>
 <17c316adc8485d1f09f70d291cfaad50258c6c1f.camel@wine-logistix.de>
 <20200403194423.m3pvz654qslug7g3@pelzflorian.localdomain>
 <a96461003ce1ff51cf8a39cdb56a8685c2e2a8dd.camel@wine-logistix.de>
 <20200404101832.cmegsybfyrseazjq@pelzflorian.localdomain>
 <4610a9147fa041ebb47f184a2d3f7878a8a2539c.camel@wine-logistix.de>
 <87d08jbpcc.fsf@gnu.org>
 <135d8491-53e8-46b6-b77a-fe6a4539b15d@www.fastmail.com>
 <878sj7i6p4.fsf@ponder>
 <6fc66a2a3f3cd71febb16bab2a0aeb65b6fdd147.camel@wine-logistix.de>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:57604)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <a@ajgrf.com>) id 1jMCJG-0001xE-Qy
 for guix-devel@gnu.org; Wed, 08 Apr 2020 11:08:11 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <a@ajgrf.com>) id 1jMCJF-0004iO-Ug
 for guix-devel@gnu.org; Wed, 08 Apr 2020 11:08:10 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:54607)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <a@ajgrf.com>) id 1jMCJF-0004eS-J5
 for guix-devel@gnu.org; Wed, 08 Apr 2020 11:08:09 -0400
In-Reply-To: <6fc66a2a3f3cd71febb16bab2a0aeb65b6fdd147.camel@wine-logistix.de>
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org
Sender: "Guix-devel"
 <guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org>
To: Ellen Papsch <ellen.papsch@wine-logistix.de>, Vagrant Cascadian <vagrant@debian.org>, guix-devel@gnu.org

On Wed, Apr 8, 2020, at 12:25 PM, Ellen Papsch wrote:
> These may be dangerous waters. The key file in initrd is like a house
> key under the mattress. A malicious process could look in the well
> defined place and exfiltrate the key. Think state trojan horses. A
> random name would not suffice, because other characteristics may help
> identifying the file (i.e. size).

What's the threat model here? For me, an encrypted disk is only meant to protect my data at rest. If a malicious process is already running on my system as root, then I don't care if they can exfiltrate the key.

-- 
Alex Griffin