Re: Unencrypted boot with encrypted root

[Ellen Papsch]

Am Dienstag, den 07.04.2020, 22:19 +0200 schrieb Ludovic Courtès:
> Ellen Papsch <address@hidden> skribis:
> 
> 
> Sure, but what happens when you reconfigure?  You still need to have
> that file around so it can be added to the initrd.
> 

Does it really have to be added to initrd? From my other reply:

> These may be dangerous waters. The key file in initrd is like a house
> key under the mattress. A malicious process could look in the well
> defined place and exfiltrate the key. Think state trojan horses. A
> random name would not suffice, because other characteristics may help
> identifying the file (i.e. size).

> I think* Guix would burden itself too much with secrets. It's
> something for the user and the installer should just make it more
> convenient, with a nudge to a more secure setup. The key file should
> be stored in a user specified location, preferably a pen drive (which
> is otherwise not used). It can be removed, so no read can occur by
> arbitrary processes. A passphrase should be added as backup.
> 
> (*) as non-guru

reconfigure would not have to touch the file at all, if it were a user
supplied file name. I'm aware other files are often put in the store by
references in operating-system (or inlined). The secrets file on the
other hand should just be assumed to be there. Initrd should try to
mount the drive.

Best regards