guix-devel

Re: Unencrypted boot with encrypted root


From: Ludovic Courtès
Subject: Re: Unencrypted boot with encrypted root
Date: Tue, 07 Apr 2020 11:46:27 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)

Hi,

Ellen Papsch <address@hidden> wrote:

> On Saturday, 04.04.2020, 12:18 +0200, pelzflorian (Florian Pelz)
> wrote:
>> Could key files help in passing the passphrase on to the
>> Linux kernel?  The Arch Wiki says this: [...]
>> 
>
> The key file would be another means of decrypting the master key, if I
> understand LUKS correctly. It would be independent of the passphrase.
> (In LUKS terminology, two slots are used).
>
> It would definitely help usability not having to enter a passphrase
> twice. The GUI/TUI installer should take care of generating the file and
> ensuring strict permissions, so user processes cannot read it. There is
> still some risk, because root processes could read it. If the installer
> would support an external medium for the file, that would be best
> (IMHO).

The difficulty is that any file traveling through the store is
world-readable.  It’s hard to avoid.

Ludo’.


