[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/2] plainmount: Support decryption of devices encrypted in p

From: Milan Broz
Subject: Re: [PATCH 1/2] plainmount: Support decryption of devices encrypted in plain mode.
Date: Mon, 31 Jan 2022 12:15:14 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.1

On 30/01/2022 20:40, Maxim Fomin wrote:
This patch introduces support for plain encryption mode (plain dm-crypt) via
new module and command named 'plainmount'. The command allows to open devices
encrypted in plain mode (without LUKS) with following syntax:

+#define GRUB_PLAINMOUNT_UUID        "00000000000000000000000000000000"
+#define GRUB_PLAINMOUNT_CIPHER      "aes-cbc-essiv:sha256"
+#define GRUB_PLAINMOUNT_DIGEST      "ripemd160"

Sooner or later we will have to change this default in cryptsetup
(as ripemd and CBC mode are no longer the best options) and you
you will create data corruption here (as there is no way in plain
mode to check that the mode is set correctly).

Not sure if it is possible, but in normal system it should be required
that these parameters are set in /etc/crypttab, grub should perhaps
require explicit setting them in config too?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]