[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: system startup + cryptsetup



Gabor Walter wrote:
That modification should solve the problem by explicitly assigning the
response to $answer. It will then be properly read in the 'case'
statement.


That was it. Thanks a lot once again.

Happy to help.

BTW, out of curiosity, did you modify /etc/fstab?  Just wondering about
confirming new behavior, if any, in FC5, besides the LUKS changes to
gnome-mount, etc.


Yes, I did make the modifications you suggested.

Ok. So at least for now, that part of the process is unchanged in FC5. Thanks for that.

Another question. Is it necessary to explicitly unmount and close the
encrypted partition at shutdown? I am thinking of sort of a "reversed
luksopen'. Or will the system take care of it all?

I have not seen anything convincing to suggest that you need to explicitly unmount and close the mapped partition prior to shutdown. Of course with /home, the timing of that activity could be important.

As far as I have seen from comments (or the lack of them) elsewhere, the system will unmount the device at shutdown and the device mapping is also lost at that time. I suppose that if for some reason, the shutdown were interrupted in some fashion at the proper point, there might be a window of opportunity for compromise of the system, but that seems like a low probability scenario for most users.

There was a discussion of what luksClose actually does on the list I reference below (ie. does it scrub the master key from memory, etc.), but there was never a reply, so it remains unclear, presumably save a read of the code.

I have seen comments about explicitly unmounting and closing when one is using loopback devices rather than actual partitions, but since I don't use loopback devices, I have no personal experience with them.

If you want a verified answer from the experts, there is a dedicated e-mail list accessible via gmane's NNTP interface at:

http://news.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt

HTH,

Marc


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]