Comment on CrowdStrike Isn't the Real Problem
I_Miss_Daniel@lemmy.world 3 months ago
Sounds good, but can you trust an OS partition not to store things in %programdata% etc that should be encrypted?
Dran_Arcana@lemmy.world 3 months ago
With enough ~autism~ in your overlay configs, sure, but in my environment that leakage is still encrypted. It’s far simpler to just accept leakage and encrypt the OS partition with a key that’s never stored anywhere. If it gets lost, you rebuild the system from PXE. (Which is fine, because it only takes about 20 minutes and no data we care about exists there.) If it’s working correctly, the OS partition is still encrypted and protects any inadvertent data leakage from offline attacks.