On Apr 16, 2023, at 08:01, Christian Stadelmann <genodeftest(a)fedoraproject.org>
wrote:
What does USBGuard have to do with encryption? As far as I know,
USBGuard is used for blocking unwanted USB devices. You can have disk encryption with or
without USBGuard (or the other way round). You can install usbguard on workstation if you
want. It is a bit tricky to setup though,as you can lock yourself out of your system quite
easily.
I believe Hoppár was saying that the Fedora installer should have a OS hardening option
along side the encryption option. The installer would then enact policies such as
USBGuard.
There is already something like this, in the OpenSCAP anaconda plugin. I imagine USBGuard
could be incorporated into the existing security policy options that are managed by
OpenSCAP, if it any already. (I recall it was configured in one of the STIGs)
--
Jonathan Billings