On 7/2/21 8:02 AM, David Wright wrote:
On Thu 01 Jul 2021 at 20:43:09 (-0700), David Christensen wrote:
On 7/1/21 7:55 PM, David Wright wrote:
On Mon 28 Jun 2021 at 13:36:35 (-0700), David Christensen wrote:
I do not set the 'discard' (trim) option in fstab(5). If and when I
want to erase un
On Fri, Jul 02, 2021 at 10:02:18AM -0500, David Wright wrote:
But what happens with an SSD? If, after the rm step above, you
# fstrim /home
the mountpoint, where /etc/fstab has the line
/dev/mapper/luks-fedcba98-7654-3210-… LABEL1 ext4 /home
then what gets zeroed
If everything's appropriately
On Thu 01 Jul 2021 at 20:43:09 (-0700), David Christensen wrote:
> On 7/1/21 7:55 PM, David Wright wrote:
> > On Mon 28 Jun 2021 at 13:36:35 (-0700), David Christensen wrote:
> >
> > > I do not set the 'discard' (trim) option in fstab(5). If and when I
> > > want to erase unused blocks (such as b
On 7/1/21 7:55 PM, David Wright wrote:
On Mon 28 Jun 2021 at 13:36:35 (-0700), David Christensen wrote:
I do not set the 'discard' (trim) option in fstab(5). If and when I
want to erase unused blocks (such as before taking an image), I use
fstrim(8).
Can you elaborate on a couple of things:
On Mon 28 Jun 2021 at 13:36:35 (-0700), David Christensen wrote:
> I do not set the 'discard' (trim) option in fstab(5). If and when I
> want to erase unused blocks (such as before taking an image), I use
> fstrim(8).
Can you elaborate on a couple of things:
How do you "take an image". Is this
>> > Along with SED, I suggest that you also implement Secure Boot.
>> Can someone give me pointers to actually known attacks (not
>> hypothetical ones, which I can invent myself without much difficulty)
>> that would have been prevented by Secure Boot?
> [2] https://en.wikipedia.org/wiki/Evil_ma
On 6/29/21 5:02 AM, piorunz wrote:
I don't trust SED, after listening to Steve Gibson analysis on state of
this feature.
Audio podcast: http://media.GRC.com/sn/SN-689.mp3
Transcript: https://www.grc.com/sn/sn-689.pdf
His findings were sourced, among other things, on work of security
researcher
On 6/29/21 12:47 AM, to...@tuxteam.de wrote:
On Mon, Jun 28, 2021 at 07:56:47PM -0400, Stefan Monnier wrote:
Along with SED, I suggest that you also implement Secure Boot.
Can someone give me pointers to actually known attacks (not
hypothetical ones, which I can invent myself without much diff
Hi David,
Thanks for your reply.
On 28/06/2021 21:36, David Christensen wrote:
Software encryption (dm-crypt, Linux Unified Key System (LUKS), etc.)
for a system drive is typically applied to the swap, root, and/or data
partitions, but the master boot record (partition table and boot
loader),
On Mon, Jun 28, 2021 at 01:36:35PM -0700, David Christensen wrote:
I do not set the 'discard' (trim) option in fstab(5). If and when I
want to erase unused blocks (such as before taking an image), I use
fstrim(8).
I believe this is installed and enabled by default in Bullseye (at least
new in
On Mon, Jun 28, 2021 at 07:56:47PM -0400, Stefan Monnier wrote:
> > Along with SED, I suggest that you also implement Secure Boot.
>
> Can someone give me pointers to actually known attacks (not
> hypothetical ones, which I can invent myself without much difficulty)
> that would have been prevente
> Along with SED, I suggest that you also implement Secure Boot.
Can someone give me pointers to actually known attacks (not
hypothetical ones, which I can invent myself without much difficulty)
that would have been prevented by Secure Boot?
I can see that subverting the early boot might be a goo
On 6/28/21 1:36 PM, David Christensen wrote:
(Dell factory default for drives is 'RAID'; 'ACPI' may be required).
Correction: AHCI.
David
On 6/28/21 7:52 AM, piorunz wrote:
Hi all,
I've got about 5 years old HP laptop with SSD SATA drive 240 GB. Debian
Bullseye will be installed on it once it's released, as my secondary
computer to use.
I have question regarding whole disk encryption. What technology should
I use, to have encrypti
piorunz:
>
> I have question regarding whole disk encryption. What technology should
> I use, to have encryption of everything, or at least /home, but preserve
> free blocks and have TRIM?
The canonical answer is "LUKS". You can configure it during installation
if you want to. I always use LVM as
Hi all,
I've got about 5 years old HP laptop with SSD SATA drive 240 GB. Debian
Bullseye will be installed on it once it's released, as my secondary
computer to use.
I have question regarding whole disk encryption. What technology should
I use, to have encryption of everything, or at least /home,
16 matches
Mail list logo
