Date: Wed, 29 Jul 2015 20:21:13 +0300
From: Andrei Borzenkov
To: John Lane
Cc: grub-devel@gnu.org
Subject: Re: Cryptomount enhancements - revised
Message-ID: <20150729202113.0e588e6b@opensuse.site>
In-Reply-To: <55B87749.6090406@jelmail.com>

On Wed, 29 Jul 2015 07:48:41 +0100, John Lane wrote:

> On 28/07/15 22:38, Vladimir 'phcoder' Serbinenko wrote:
> >
> > Other than 3 and 5 they require difficult configuration. Mapping
> > devices in GRUB isn't trivial. Those features are difficult to
> > autoconfigure. Consider "plain" mode: how will you find which disk is
> > yours when you have 5 disks all looking as random data?
> >
> >
> I don't see what's difficult about providing a LUKS header and key but I
> am aware of the issue re device identification in plain mode. However,
> if one has a use-case for these crypto routines then I think that would
> be a valid use-case for manually configuring grub.cfg if it's beyond
> what autoconfiguration supports. If an end user wants to make the choice
> then why deny him, just because it may be difficult to autoconfigure?
>

Yes, it appears people ask for it. At the end, the worst that can happen
is reading garbage.

> There does seem to be interest in this functionality. Surely
> auto-configuration wouldn't be a bar to supporting this? I don't think I
> am the only one who thinks these features are useful...
>
> Regarding device identification, I had some thoughts on that and was
> willing to try implementing something. However I wanted to put this
> patch-set to bed before starting on something else.
>

One thing I'd like is to separate self-identified containers managed by
cryptomount and dmsetup-like stuff to avoid the impression that it is fully
supported.