From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from v1.tansi.org (mail.tansi.org [84.19.178.47]) by mail.server123.net (Postfix) with ESMTP for ; Fri, 28 Apr 2017 09:22:23 +0200 (CEST) Received: from gatewagner.dyndns.org (77-56-144-126.dclient.hispeed.ch [77.56.144.126]) by v1.tansi.org (Postfix) with ESMTPA id 990B71401D4 for ; Fri, 28 Apr 2017 09:22:17 +0200 (CEST) Date: Fri, 28 Apr 2017 09:22:22 +0200 From: Arno Wagner Message-ID: <20170428072222.GA25628@tansi.org> References: <20170427150902.GA13598@linux.vnet.ibm.com> <1e315fda-40da-8ea8-020e-0cb34f2c4207@eschenberg.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1e315fda-40da-8ea8-020e-0cb34f2c4207@eschenberg.eu> Subject: Re: [dm-crypt] Managing wrapped key ciphers with cryptsetup List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de I think hardware-specific stuff has no place in cryptsetup. Get a kernel-driver and then create a wrapper that feeds the key to cryptsetup, anything else is a bad design. And if you want a system that is secure against root, then do not use Linux. Seriously. Regards, Arno On Thu, Apr 27, 2017 at 22:06:35 CEST, Sven Eschenberg wrote: > Hi Hendrik, > > The protability of the on disk format includes, that I can basicly > reimplement cryptsetup from scratch, without relying on the current status > quo. Moreover I even don't need to use kernel crypto stuff at all to i.e. > create a decrypted image of the data. > Your HSM specific changes would be tied into cryptsetup, but if I followed > the current specification, and had the corresponding HSM, I still would need > the 'specifics' regarding the HSM and how to use it, to set up the actual > mapping. > > If you got some spare time: > https://mbroz.fedorapeople.org/talks/DevConf2016/devconf2016-luks2.pdf > > If the new format comes to life and allows for plugins, then if I > reimplemented cryptsetup and had no suiting plugin for a HSM or say a > cryptocard or whatever, I can not setup the mapping. But I'd know that I am > prone to fail, since I lack the plugin I am supposed to use. > > Now, in contrast, if you hack the HSM supprt into cryptsetup, there's no on > disk indication and that is not really portable anymore. > > Regards > > -Sven > > Am 27.04.2017 um 17:09 schrieb Hendrik Brueckner: > >Hi Milan, > > > >> > >>LUKS1 is portable format, we cannot bind the format to specific hardware. > > > >We considered that point in the merge request. It keeps LUKS1 as a > >portable format, there are no changes on the LUKS1 format or header. > >Of course, there are some differences when using wrapped keys, but these > >have been addressed without affecting the on-disk-format structure. > > > > > >Thanks and kind regards, > > Hendrik > > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier