grub-devel
Re: [PATCH 1/2] plainmount: Support decryption of devices encrypted in p


From: Milan Broz
Subject: Re: [PATCH 1/2] plainmount: Support decryption of devices encrypted in plain mode.
Date: Mon, 31 Jan 2022 12:15:14 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.1

On 30/01/2022 20:40, Maxim Fomin wrote:
This patch introduces support for plain encryption mode (plain dm-crypt) via
a new module and command named 'plainmount'. The command allows opening devices
encrypted in plain mode (without LUKS) with the following syntax:
+

...
+#define GRUB_PLAINMOUNT_UUID        "00000000000000000000000000000000"
+#define GRUB_PLAINMOUNT_CIPHER      "aes-cbc-essiv:sha256"
+#define GRUB_PLAINMOUNT_DIGEST      "ripemd160"
+#define GRUB_PLAINMOUNT_KEY_SIZE    256
+#define GRUB_PLAINMOUNT_SECTOR_SIZE 512
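
Review bot: GRUB_PLAINMOUNT_KEY_SIZE and GRUB_PLAINMOUNT_SECTOR_SIZE carry no unit, and none of the five defines has a comment saying where its value comes from; 256 reads as bits and 512 as bytes, but nothing in these lines says so. Please add a short comment per define giving the unit and, for GRUB_PLAINMOUNT_CIPHER and GRUB_PLAINMOUNT_DIGEST, whether the strings are meant to track another tool's defaults. If these values are applied whenever the user passes no option, consider making cipher, digest and key size mandatory arguments instead, since a compiled-in fallback that later diverges from the value used at format time cannot be detected on a device without a header. GRUB_PLAINMOUNT_UUID is a fixed all-zero string, so it is also worth stating in a comment how two plain devices opened in the same session are told apart.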

Sooner or later we will have to change this default in cryptsetup
(as ripemd and CBC mode are no longer the best options) and
you will create data corruption here (as there is no way in plain
mode to check that the mode is set correctly).

Not sure if it is possible, but in a normal system it should be required
that these parameters are set in /etc/crypttab; grub should perhaps
require explicitly setting them in config too?

Milan


