[systemd-devel] Authenticated Boot: dm-integrity modes

Adrian Vovk adrianvovk at gmail.com
Thu Dec 2 04:24:23 UTC 2021


> Why can't you just enable journalling in systemd-homed, so we have
> LUKS+dm-integrity-journalling?

That's why there are two layers of dm-integrity stacked on top of each 
other (one protecting the filesystem, one baked into the systemd-homed 
LUKS image).

> If the user needs to separate / and /home, isn't that just sensible
> design?

I'm not exactly sure what you mean by this, sorry.

> As for SSDs, the latest ones, as far as I can tell, have a lifespan
> measured in years even if they're being absolutely hammered by a stress
> test. If you're really worried about wearing out an SSD, put the journal
> on rotating rust, but I think those in the know are likely to tell you
> that the rust will die before the SSD.

This is for a general-purpose desktop OS. I have absolutely no control 
over the hardware my users have in their computers. Many SSDs from a 
few years ago have significantly worse lifetimes. I'd rather not wear 
out the SSD 4x more than necessary (even if many newer SSDs can handle 
that).

Best,
Adrian
