grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Keyfile Support for GRUBs LUKS


From: Vladimir 'φ-coder/phcoder' Serbinenko
Subject: Re: Keyfile Support for GRUBs LUKS
Date: Fri, 22 Nov 2013 04:01:21 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20131005 Icedove/17.0.9

On 21.11.2013 20:34, Ralf Ramsauer wrote:
> On 11/21/13 16:31, Vladimir 'phcoder' Serbinenko wrote:
>>
>> Why do you need offset and size options? keyfile option should be
>> repeteable. The whole array would be passed down and file would be
>> opened instead before reading password and concatebated with it unless
>> --no-password was specified as well. If you have remaining questions
>> feel free to ask here or on IRC.
>>
> See man 8 cryptsetup:
>  /      --keyfile-offset value//
> //              Skip value bytes at the beginning of the key file. 
> Works with all commands that accepts key files.//
> //
> //       --keyfile-size, -l value//
> //              Read a maximum of value bytes from the key file. 
> Default is to read the whole file up to the compiled-in maximum that can
> be queried with --help. Supplying more data than the compiled-in maximum
> aborts the operation.//
> //
> //              This option is useful to cut trailing newlines, for
> example. If --keyfile-offset is also given, the size count starts after
> the offset.  Works with all commands that accepts key files./
> 
Cutting trailing newlines throuch such options is IMHO inelegant and
would require more scripting than we currently have. Also those options
result in ambiguous syntax if you have multiple keyfiles (like geli). I
think it's better to skip those options, at least for now.


Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]