[PATCH v5 0/5] Lazy flush for the auth session

Jarkko Sakkinen jarkko at kernel.org
Tue Oct 15 22:14:22 UTC 2024


On Tue Oct 15, 2024 at 11:08 PM EEST, Mimi Zohar wrote:
> > > > since the feature itself is useful objectively, and make sure
> > > > that those fixes bring the wanted results.
>
> The right thing would have been to listen to my concerns when this was initially
> being discussed.  The right thing wasn't enabling TCG_TPM2_HMAC by default.

This is debatable, as laptops and desktops having hard drive
encryption do benefit from this. If systemd hadn't added
systemd-cryptenroll I would agree with this. I learned about this
feature two years after its inception in that project, so we needed to
address this as a priority (I did not and will not follow systemd
development proactively, as I don't have time for that).

I feel safer using my laptop with the feature in place at least.

Besides, it is a complicated enough feature that it would have been
impossible to ever land it "zero glitch". I don't think there is any
rigid "data centers first" rule really, except maybe for those
businesses that run data centers (and I'm not one of those
businesses).

BR, Jarkko


