#nixos-security on 2020-01-16

2019-04-23 19:29 gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh

00:44 elvishjerricco has quit [Ping timeout: 260 seconds]

00:45 midchildan has quit [Ping timeout: 272 seconds]

00:46 tazjin has quit [Ping timeout: 260 seconds]

00:46 davidtwco has quit [Ping timeout: 260 seconds]

00:47 lirzhv has quit [Ping timeout: 260 seconds]

00:47 feepo has quit [Ping timeout: 260 seconds]

00:48 haiko has quit [Ping timeout: 260 seconds]

00:54 kalbasit has quit [Ping timeout: 272 seconds]

00:56 _ris has quit [Ping timeout: 252 seconds]

01:20 davidtwco has joined #nixos-security

01:31 davidtwco has quit [Ping timeout: 245 seconds]

03:02 anselmolsm has quit [Quit: Konversation terminated!]

04:03 justan0theruser has joined #nixos-security

04:05 justanotheruser has quit [Ping timeout: 258 seconds]

06:49 midchildan has joined #nixos-security

06:54 haiko has joined #nixos-security

06:56 lirzhv has joined #nixos-security

07:02 feepo has joined #nixos-security

07:06 elvishjerricco has joined #nixos-security

07:12 davidtwco has joined #nixos-security

07:12 kalbasit has joined #nixos-security

08:13 tazjin has joined #nixos-security

08:33 FRidh has joined #nixos-security

11:45 kleisli has quit [Ping timeout: 265 seconds]

13:42 vesper11 has quit [Ping timeout: 260 seconds]

13:42 vesper11 has joined #nixos-security

15:32 <flokli> gchristensen: look into the systemd-homed PR

15:32 <gchristensen> link?

15:33 <flokli> gchristensen: https://lmgtfy.com/?q=systemd-homed+PR

15:34 * gchristensen won't click that

15:36 justan0theruser is now known as justanotheruser

15:37 Synthetica has joined #nixos-security

16:15 Bruno[m]1 has left #nixos-security ["User left"]

16:39 anselmolsm has joined #nixos-security

16:56 kleisli has joined #nixos-security

18:47 <flokli> Will gchristensen Google for it? ;-)

18:47 <gchristensen> probably not today, too busy

19:00 <flokli> With systemd master (or an already open PR), it should be possible to use a yubikey to decrypt a luks keyslot

19:00 <gchristensen> oh nice

19:00 <flokli> With in-initrd systemd, this should even be possible for the root container

19:01 <flokli> Homed is a bit more than that

19:02 <flokli> Basically, homedirs can be encrypted loop mounts, and the key to decrypt can come from your unlock password

19:02 <flokli> So it can wipe the decryption key from ram before suspending (freeze the volume), and can use the key later on

19:03 <flokli> Same with yubikeys there as well if I'm not mistaken

19:04 <flokli> The homed part is understandably quite new and controversial. But all the groundwork for better interaction and integration of crypto volumes did land in systemd too

19:04 <flokli> Which is another reason for why I want to finally fix the cryptsetup stuff :-D

19:04 <flokli> (systemd with cryptsetup support, that is)

19:20 _ris has joined #nixos-security

20:06 ris has joined #nixos-security

20:09 _ris has quit [Ping timeout: 240 seconds]

20:11 <gchristensen> https://github.com/zfsonlinux/zfs/pull/9852 yum

20:11 <{^_^}> zfsonlinux/zfs#9852 (by ghfields, 9 minutes ago, open): Autounlock ZFS Encrypted Root Filesystems using TPM 2.0

20:33 kleisli has quit [Ping timeout: 260 seconds]

20:53 kleisli has joined #nixos-security

21:12 kleisli has quit [Ping timeout: 260 seconds]

21:18 kleisli has joined #nixos-security

21:42 kleisli has quit [Ping timeout: 260 seconds]

22:25 kleisli has joined #nixos-security

23:08 kleisli has quit [Ping timeout: 260 seconds]

23:17 justanotheruser has quit [Ping timeout: 260 seconds]

23:19 justanotheruser has joined #nixos-security

23:36 Synthetica has quit [Quit: Connection closed for inactivity]