Hi! I want to try out Fedora Workstation in the near future (once 39 is out) and was wondering if systemd-homed is ready for everyday use yet.

I’m a bit paranoid and really need my private data encrypted. However, I don’t think that full disk encryption is practical for my daily use. Therefore I was really looking forward to the encryption possibilities of systemd-homed.

However, after reading up on it, I was a bit discouraged. AFAIK, there’s no option to set up systemd-homed at installation (of Fedora). I was an Arch, then Manjaro, then Endeavour user for years but don’t have the time/patience anymore to configure major parts of my system. Also, the documentation doesn’t seem too noob-friendly to me, which also plays into the time/patience argument.

Is it ready? Can anyone seriously recommend it for a lazy ex-Arch user who doesn’t want to break another Linux installation?

Thank you in advance. :)

  • Prunebutt@feddit.de (OP) · 1 year ago

    I need more than data security at rest. Reading out the keys from RAM is well within my threat model.

      • Prunebutt@feddit.de (OP) · 1 year ago

        Care to elaborate why? I thought that systemd can encrypt your home partition when locking your device.

        • wildbus8979 · 1 year ago

          When locking the device, sure, but you could achieve a higher level of security by turning off the machine, or using hibernate with encrypted swap. Boot on my machine with FDE and an NVMe SSD literally takes seconds anyway…

    • skilltheamps@feddit.de · 1 year ago

      Haha, are you serious? In that case nothing short of full disk encryption and secure boot with your own keys is remotely adequate. Do you realize that just encrypting your /home is at most a mild obscurity measure? If an attacker potentially has access to your computer and parts of it are unencrypted or unsigned, they could easily install a keylogger that sends out your data and/or password the next time you use your computer?!

      If your situation is not just a psychological case of paranoia, but a real threat, then you absolutely need to work on your security knowledge a good amount!

      • Prunebutt@feddit.de (OP) · 1 year ago

        I don’t really appreciate your tone. Could you be a little less of a dick, please?

        Keyloggers aren’t in my threat model (i.e.: they aren’t in the MO of my potential attackers).