Fedora Workstation Aiming To Improve Encryption, Possibly Encrypted Disk By Default In The Future

Written by Michael Larabel in Fedora on 3 April 2023 at 06:41 PM EDT. 38 Comments
FEDORA
Fedora Workstation developers and those involved at Red Hat have been working to improve the state of disk encryption on Fedora with a end-goal of possibly making the installer encrypt systems by default.

While many Linux distributions allow for full-disk encryption these days, not many distributions enable it by default (Pop!_OS being among the rare that actively encourage it) while it looks like in the future Fedora Workstation could default to having its installer encrypt the disk.


Pop!_OS does a great job actively encouraging encryption on new installs.


Owen Taylor of Red Hat laid out a mailing list post and Discourse thread today around the future of encryption with Fedora. With the encryption planning is also to have the encryption key stored in the system's Trusted Platform Module (TPM) and to also sign the bootloader/kernel/initrd with the TPM signatures. This work in turn is dependent upon the ongoing Unified Kernel Image support with Fedora and upstreams like systemd.

The Fedora Workstation plan would be to use the upcoming Btrfs fscrypt support for encrypting both the system and home directories.


Fedora Workstation in the future could by default enable Btrfs FSCRYPT system and home directory encryption and store the keys in the TPM.


More details on these tentative plans -- that are still subject to change and timing as well as needing formal FESCo approval -- can be found via this mailing list thread and the Fedora Discussion.

Overall this is a good move for Fedora Workstation. Especially for laptops I for years have actively encouraged making use of disk encryption. Especially with modern processors and storage drives, encryption costs are very low and worthwhile for those actively taking their laptops with them as well as other desktops/workstations with sensitive data to physical theft, etc. It will be interesting to see how (and when) the Fedora encryption-by-default plans materialize.
38 Comments
Related News
Btrfs SIG Established For Advancing Btrfs Interests On Fedora
Fedora COSMIC Desktop Spin Proposed For Fedora 42
Fedora 42 Looking To Package Intel SGX Software Stack
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
Fedora Stakeholders Debate Concerns Over "Karma" Term For Their Updates System
Fedora KDE Desktop Spin Promoted To Same Tier As GNOME-Based Fedora Workstation
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features