13:07:31 #startmeeting Workstation WG (2020-04-14) 13:07:31 Meeting started Tue Apr 21 13:07:31 2020 UTC. 13:07:31 This meeting is logged and archived in a public location. 13:07:31 The chair is aday. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:07:31 Useful Commands: #action #agreed #halp #info #idea #link #topic. 13:07:31 The meeting name has been set to 'workstation_wg_(2020-04-14)' 13:07:31 #meetingname workstation 13:07:31 #chair cmurf 13:07:31 13:07:31 The meeting name has been set to 'workstation' 13:07:31 Current chairs: aday cmurf 13:07:31 #topic Rollcall 13:07:31 13:07:33 #info present: owen, mcatanzaro, kalev, cmurf, jens, langdon, mclasen, neal, tpopela, james, feborges 13:07:36 #info regrets: 13:07:38 #info missing: 13:07:40 13:07:42 #topic Approve minutes 31 March 13:07:46 #link https://meetbot.fedoraproject.org/fedora-meeting-2/2020-03-31/workstation.2020-03-31-13.07.html 13:07:49 #agreed No objections - minutes approved 13:07:51 #topic Approve of minutes 7 Apr 13:07:53 #link https://meetbot.fedoraproject.org/fedora-meeting-2/2020-04-14/workstation.2020-04-14-10.57.html 13:07:56 #agreed Defer until next week. 13:07:58 #topic Announcements 13:08:00 Chris: go/no-go is happening [soon] 13:08:02 Chris has contacted Matthew Garrett about thermald - said that he'd appreciate testing and/or help to applying pressure on Intel 13:08:05 Neal: has put the supplements in place for earlyoom. Doesn't love it, but it's there. It got pulled into the latest compose. 13:08:08 Michael: the systemd-resolved proposal is pretty much done - just a few outstanding details. 13:08:10 Matthias: there's some movement on oom in systemd. Lennart has written some testing recommendations - there's a pointer in one of our tickets. 13:08:13 Topics 13:08:17 #topic Overarching discussion on encryption and disk partitioning 13:08:19 #link https://pagure.io/fedora-workstation/issue/136 13:08:21 #link https://pagure.io/fedora-workstation/issue/101 13:08:23 #link https://pagure.io/fedora-workstation/issue/82 13:08:25 #link https://pagure.io/fedora-workstation/issue/54 13:08:27 Introduction from Chris: 13:08:29 - GRUB - could the bootloader unlock a fully encrypted system? Asked Peter Jones what the a11y/i18n limitations are for GRUB, compared to initramfs/plymouth. His response: GRUB is almost certainly worse. 13:08:32 - TPMs - one option could be to use a TPM to seal a key, to encrypt root independently of home, so you don't need to have a separate disk encryption password. According to Petere, using the TPM is probably the way to go for this. However, it poses some tricky issues for dual boot. None of the integration work has been done for TPM support, and there's no ETA for this. So there's missing infra that Anaconda would need. (Note that there 13:08:37 are two main versions of TPM - 1.2 and 2.0. The stacks and interfaces are completely different. 2.0 is the one that would be supported. LVFS doesn't provide version data at the moment. Chris will request that.) 13:08:40 #action cmurf to request LVFS report enhancement to collect TPM info 13:08:42 - initramfs - if we only encrypt home then we're open to attacks via the initramfs. Prebuilt, signed initramfs is one solution here. Chris asked Matthew Garrett about this, and the ETA for it is unknown, but he'll try to find some time. 13:08:48 - systemd-homed. Ray Strode thinks it's too early to plan to use this by default. It's probably a viable option for narrowly-defined cases, but it's currently mostly a proof of concept. 13:08:51 Neal: will homed ever graduate if no one ever uses it? Would prefer Fedora to take it up rather than let it languish. 13:08:54 Owen: would like to understand what the goals of homed are. Seems to be solving problems which aren't central to what we care about. It's a disrputive change without clear benefits. Would like to understand the performance implications. 13:08:58 Michael: main reason for homed is that it would allow home encryption without a LUKS passphrase, TPM, etc. The performance impact would presumably be lower than LUKS encryption, although he isn't sure about that. 13:09:01 Matthias: homed would hopefully allow us to store information about users outside the user session [?] It doesn't cover every case right now, such as LDAP. 13:09:04 Michael: doesn't know how to guarantee integrity without full disk encryption. 13:09:06 Chris: dmverity requires a readonly image. It isn't encrypted, but has veracity - meaning both integrity which uses checksums, and authenticity which requires a key. 13:09:09 Michael: image verity might suffice for Silverblue? 13:09:11 Chris: predicts a 2% performance hit for either option, including the loopback mount. We'd need to do more testing, but he thinks that the performance is acceptable. 13:09:16 Chris: encryption is probably going to be longer term R&D project - it could be 2 years, but if we get results within 12 months we can be happy. 13:09:19 #topic Disk partitioning (#54) and enabling full-disk encryption by default 13:09:21 Tomas: used to use mock a lot, had problems with disk space with a small root. Switched to one big partition and everything was better. 13:09:24 Neal: the issue is apps using / rather than ~/ - can be fixed without needing to abandon separate ~/ partition 13:09:27 Michael: the reason to encrypt by default - because privacy/security, it's the right thing to do. 13:09:29 Allan: is a single partition and no LVM an option, in terms of the rest of the Fedora project? Various: some push back is possible, but we think that we should have the flexibility to make that decision. 13:09:32 #topic Summary 13:09:34 #info We have 3 separate issues to answer: 1. the long-term option for encryption, 2. short-term decision on disk partitioning layout (and storage technologies used), 3. short-term decision on whether to enable full disk-encryption by default 13:09:38 #agreed The WG will continue to explore options for providing a better encryption experience 13:09:40 #agreed The WG will revisit the short-term decisions on disk partitioning and encryption, following a structured discussion with pros and cons of each choice, with a view to deciding on what to do for F33 13:09:43 #action Chris to invite Lennart, Dusty, Ray to talk to us about homed, CoreOS, etc 13:09:47 James: one concern about enabling disk encryption by default is if you lose the encryption password. 13:09:50 #endmeeting