Re: Unencrypted boot with encrypted root
From: Alex Griffin
Subject: Re: Unencrypted boot with encrypted root
Date: Tue, 07 Apr 2020 15:05:05 +0000
User-agent: Cyrus-JMAP/3.1.7-1084-gdc5e709-fmstable-20200406v2

On Tue, Apr 7, 2020, at 9:46 AM, Ludovic Courtès wrote:
> The difficulty is that any file traveling through the store is
> world-readable. It’s hard to avoid.

If we can create the key file outside of the store, then GRUB is capable of
being passed multiple initrds. So we can put the key in its own initrd (outside
of the store), continue to generate the normal initrd in /gnu/store, and pass
both of them to GRUB. The key never enters the store in any way.

The result is that the user only needs to enter a password into GRUB, because
GRUB then passes the key file to the kernel.

--
Alex Griffin
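
The approach described in the message above, as an added example that is not part of the original post and is not Guix code: it builds a second initrd (a cpio "newc" archive) holding only the key, writes it with mode 0600 outside the store, and produces the GRUB `initrd` line naming both archives. The key file name `crypto_keyfile.bin`, the output path and the `/gnu/store/<hash>-...` placeholder are assumptions.

```python
import os

def _newc_entry(name, data, mode, ino):
    """One cpio "newc" record: 110-byte ASCII header, then name and data, each 4-byte padded."""
    name_b = name.encode() + b"\0"
    # ino, mode, uid, gid, nlink, mtime, filesize, dev x2, rdev x2, namesize, check
    fields = [ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
    rec = b"070701" + b"".join(b"%08X" % f for f in fields) + name_b
    rec += b"\0" * (-len(rec) % 4) + data
    return rec + b"\0" * (-len(rec) % 4)

def build_key_initrd(key, name="crypto_keyfile.bin"):  # file name is an assumption
    # 0o100400: regular file, readable by root only (uid/gid 0 in the header)
    return _newc_entry(name, key, 0o100400, 1) + _newc_entry("TRAILER!!!", b"", 0, 0)

def list_newc(blob):
    """Parse an archive back into [(name, mode, data)], stopping at the trailer."""
    out, pos = [], 0
    while True:
        if blob[pos:pos + 6] != b"070701":
            raise ValueError("not a newc header at offset %d" % pos)
        f = [int(blob[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        name_end = pos + 110 + f[11]
        name = blob[pos + 110:name_end - 1].decode()
        if name == "TRAILER!!!":
            return out
        start = name_end + (-name_end % 4)
        out.append((name, f[1], blob[start:start + f[6]]))
        pos = start + f[6] + (-(start + f[6]) % 4)

def write_private(path, blob):
    """Create the archive as 0600 from the first byte; refuse to reuse an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(blob)

def grub_initrd_line(store_initrd, key_initrd):
    # GRUB's initrd command accepts several files and loads them back to back
    return "initrd %s %s" % (store_initrd, key_initrd)

if __name__ == "__main__":
    import tempfile
    key = os.urandom(64)  # constructed key material for the demo
    out = os.path.join(tempfile.mkdtemp(), "key-initrd.cpio")  # stand-in for a root-only path
    write_private(out, build_key_initrd(key))
    print(grub_initrd_line("/gnu/store/<hash>-initrd/initrd", out))  # placeholder store path
```

Only the store-generated initrd is world-readable here; the key archive is referenced by path in the boot entry but its contents never pass through /gnu/store.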