From: Andrei Borzenkov <arvidjaar@gmail.com>
To: John Lane <grub@jelmail.com>
Cc: grub-devel@gnu.org
Subject: Re: Cryptomount enhancements - revised
Date: Wed, 29 Jul 2015 20:21:13 +0300 [thread overview]
Message-ID: <20150729202113.0e588e6b@opensuse.site> (raw)
In-Reply-To: <55B87749.6090406@jelmail.com>
В Wed, 29 Jul 2015 07:48:41 +0100
John Lane <grub@jelmail.com> пишет:
> On 28/07/15 22:38, Vladimir 'phcoder' Serbinenko wrote:
> >
> > Other than 3 and 5 they require difficult configuration. Mapping
> > devices in GRUB isn't trivial. Those features are difficult to
> > autoconfigure. Consider "plain" mode: how will you find which disk is
> > yours when you have 5 disks all looking as random data?
> >
> >
> I don't see what's difficult about providing a LUKs header and key but I
> am aware of the issue re device identification in plain mode. However,
> if one has a use-case for these crypto routines then I think that would
> be a valid use-case for manually configuring grub.cfg if it's beyond
> what autoconfiguration supports. If an end user wants to make the choice
> then why deny him, just because it may be difficult to autoconfigure ?
>
Yes, it appears people ask for it. At the end, the worst that can
happen is reading garbage.
> There does seem to be interest in this functionality. Surely
> auto-configuration would't be a bar to supporting this? I don't think I
> am the only one who thinks these features are useful...
>
> Regarding device identification, I had some thoughts on that and was
> willing to try implementing something. However I wanted to put this
> patch-set to bed before starting on something else.
>
One think I'd like is to separate self-identified containers managed by
cryptomount and dmsetup-like stuff to avoid impression that it is fully
supported.
next prev parent reply other threads:[~2015-07-29 17:21 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-29 14:30 Cryptomount enhancements - revised John Lane
2015-06-29 14:30 ` [PATCH 1/5] Cryptomount support LUKS detached header John Lane
2015-06-29 14:30 ` [PATCH 2/5] Cryptomount support key files John Lane
2015-06-29 14:30 ` [PATCH 3/5] cryptomount luks allow multiple passphrase attempts John Lane
2015-06-29 14:56 ` John Lane
2015-06-29 14:30 ` [PATCH 4/5] Cryptomount support plain dm-crypt John Lane
2016-02-12 15:19 ` Vladimir 'φ-coder/phcoder' Serbinenko
2015-06-29 14:31 ` [PATCH 5/5] Cryptomount support for hyphens in UUID John Lane
2015-06-29 14:52 ` John Lane
2015-07-29 3:08 ` Andrei Borzenkov
2015-07-29 6:51 ` John Lane
2015-07-29 16:51 ` Andrei Borzenkov
2015-07-29 18:53 ` John Lane
2015-07-28 18:51 ` Cryptomount enhancements - revised John Lane
2015-07-28 21:38 ` Vladimir 'phcoder' Serbinenko
2015-07-29 6:48 ` John Lane
2015-07-29 17:21 ` Andrei Borzenkov [this message]
2015-08-01 16:22 ` John Lane
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150729202113.0e588e6b@opensuse.site \
--to=arvidjaar@gmail.com \
--cc=grub-devel@gnu.org \
--cc=grub@jelmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.