Encrypted root filesystem support, again ;)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Encrypted root filesystem support, again ;)

Ilkka Tuohela-2

OK, now I have first version of a separate hook package for initramfs to
support mounting cryptsetup encrypted root filesystem. See

    http://ner.dy.fi/deb/

It's first working draft version, with following known problems:

o cryptsetup over LVM not tested at all: might work, at least I tried
  to implement it

o Not sure about the modules I add to the system: I try to modprobe
  aes-i586 aes blowfish during setup, but what really should be done
  here? What about other architectures, I should probably check if
  aes-$arch can be used but... well, have to look at it more

o If you don't use LUKS the 'ask passphrase again if invalid' loop
  is broken. I should use fstype to detect if it's valid etc., but
  I'm not sure what fstype returns: in addition I think we all should
  really use LUKS formatted root partition ;)

Minor issues:
o A couple of useless warning about /dev/cdrom (no idea if this comes
  from some another script actually
o during boot I get a lot of 'dm-linear: Device lookup failed' errors,
  might be unrelated to this as well (I'm booting 2.6.14 custom kernel)

So, when this package gets more mature how does it end up to ubuntu and
debian? I'm not official package maintainer for either.

The package must go to universe as long as cryptsetup is there: another
wish is that cryptsetup would actually move to main before dapper
release.

        *hile*


--
ubuntu-devel mailing list
[hidden email]
http://lists.ubuntu.com/mailman/listinfo/ubuntu-devel