Does Fedora mitigate the issues reported by Lennart Poettering?

This recent Phoronix post and its linked post by Lennart Poettering appear to point out several worrying security issues with filesystem encryption and session security in unnamed Linux distros.

Lennart: Linux Comes Up Short Around Disk Encryption, Authenticated Boot Security - Phoronix linking to Authenticated Boot and Disk Encryption on Linux

Does Fedora mitigate any of these issues and how confident should I be about my data security because of them?

1 Like

Fedora and pretty much all Linux systems in general are very secure. Unless you’re letting others use your computer, going into websites and opening strange emails that you probably shouldn’t, I wouldn’t get too concerned.

The security issues here are related to physical security and encryption. Most notably, between when your drive encryption is unlocked and when you log into your session. Not about how you use the system once unlocked.

As long as I’m the only one logging into my system then I should be ok.

I think the biggest problem with Disk Encryption is that it is not the default. So, your average Linux distro can be secure but it is not by default. A lot of attack vectors are being mitigated with an encrypted hard drive.

The technology is there (and built into the installers), it’s just not the default on installations.

I don’t understand why Fedora (and other distros) require you to opt in to a more secure system and not the other way around. Maybe it is expected from Linux users to be secure-aware and choose whatever the user thinks is right. In my opinion, it should be secure by default, especially for newbie users that only click “Next” in the installer.

The default Fedora install is completely insecure: I steal your laptop (or borrow your hard drive while you sleep) and I will be able to access all data.

Not at all, becoming root on any Linux install that is not encrypted is a relatively easy task. Unless encrypted, anyone with physical access also has access to the data stored.


Well, it may happen today, but in the 25 years or so that I’ve been using Linux I have had no issues.

1 Like

With Drive/Partition encryption, there is a risk of lost data when the passphrase is lost, in addition to not having a working recovery key.

I think that is the main reason why it is an opt-in for the users as they must be clear about the importance of the encryption keys.