Bug#1053559: Feature: argon2id support

Alexey Kuznetsov kuznetsov.alexey at gmail.com
Fri Oct 6 11:36:04 BST 2023


> Feel free to land the support upstream, but it's not something that
> we should be shipping downstream.

I reported it upstream, but it seems like it is not going to be fixed
anytime soon. So I am sharing my smartmem.patch here. But I have no idea
how it works here at Debian. Maybe I had better keep it as is, rebuilding
grub locally.

> Going forward, for secure boot, our focus is not on adding things,
> but on removing existing things like f2fs file support again. It
> stands to reason
> that encrypted /boot should not be supported either as there is no
> practical use case (it is security by obscurity) and you are better
> served by an unencrypted boot with a pre-built signed initrd or
> a MOK-signed initrd (or really UKI), and decrypting untrusted data
> hence is unnecessary danger.
> 

Saying things I put in my pocket are untrusted, but items given to me
by other guys with a signature are trusted?! Is that how security is
treated here at Debian by all members?

Besides the security point, having a huge, many-GB boot partition with
all kernels installed is a pain. I keep my EFI under 50MB for binaries
to boot.



More information about the Pkg-grub-devel mailing list