Musings about on-disk encryption in Fedora Core
Nils Philippsen
nphilipp at redhat.com
Mon Jul 5 19:04:36 UTC 2004
On Mon, 2004-07-05 at 20:56, Alan Cox wrote:
> On Mon, Jul 05, 2004 at 07:58:37PM +0200, Nils Philippsen wrote:
> > initrd rather in the normal initscripts so that configuration (which
> > real device gets mapped to what dm device, cipher to be used, key
> > length, ...) is on /etc where possible and _not_ hidden in the initrd.
>
> Without the key you can't get to the rootfs so I am not sure where else
> you would put such things for the interesting cases. Maybe a link would
> be appropriate from /etc (as with grub.conf ?) to files on /boot ?

I don't know whether I understand you correctly:

- with passphrase: key is generated by hashing a passphrase typed in
  while booting
- key is a file on a USB stick

The other information or configuration I was referring to is cipher
algos, key lengths, ... for certain devices which can be kept as an
ordinary configuration file beneath /etc.

Nils
--
Nils Philippsen / Red Hat / nphilipp at redhat.com
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- B. Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011