[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Block device encryption support

I've made an initial attempt at support for creating LUKS-encrypted
partitions at install time. A patch is available here:


The basic idea is a class to represent a generic encrypted device, with
a subclass for dm-crypt, and another for LUKS (the LUKS class inherits
from the dm-crypt class, not the base class). The fsset Device classes
all get a member containing either a pass-through encryption device or a
LUKS one. The main operations on the Device objects are reworked
slightly so that, down to the encryption class code, the code paths are
identical for encrypted and non-encrypted devices.

Some notes:
- My testing was done on rawhide from 24 October, although the patch
  I posted is against rawhide as of now.
- I tested basic LVM (LUKS PVs), RAID 0 (LUKS mdX), and normal
- Code to load the needed crypto kmods is non-existent. I've been
  using a hacked up /sbin/anaconda for that, but it's not for keeps.
- Although I think the building blocks are there, there is no support
  whatsoever for existing LUKS partitions.

Have a look, if interested, and provide feedback.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]