<div dir="ltr"><div dir="ltr">пт, 27 сент. 2019 г. в 16:50, Lennart Poettering <<a href="mailto:mzerqung@0pointer.de">mzerqung@0pointer.de</a>>:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
1. full disk encryption with the user typing in the password on the<br>
kbd. But isn't the answer to this to link the root OS to the tpm<br>
instead, and use user-keyed crypto only for $HOME? The OS itself<br>
doesn't need to be protected after all, everbody should have the<br>
same files there anyway, it's $HOME that needs protection.<br></blockquote><div><br></div><div>It is still hard (due to the old, now expired, self-embargo) to buy any PC with a TPM in Russia.</div></div><div><br></div>-- <br><div dir="ltr" class="gmail_signature">Alexander E. Patrakov</div></div>