Re: [dm-crypt] unlocking dm-crypt from grub - kernel in crypted volume

[Milan Broz <mbroz@redhat.com>]

On 08/23/2011 03:05 PM, Arno Wagner wrote:
> 
> Quite frankly, I doubt this increses security significantly.

>> For example passing the password in a safe way from grub to the kernel

IMHO without full implementation of "trusted boot" this will
just add some small amount of work for attacker without
real security increase.
And with "trusted boot" (whatever it means) grub loader integrity
should be verified before you enter passphrase.

In fact, it is just few instruction to add to grub module
to store entered passphrase somewhere on disk, CMOS, flash,
whatever is available for later use by attacker.
(Just another variation to "Evil maid" attack.)

Anyway, LUKS implementation in GRUB2 is completely independent
from upstream, so you can ask on grub devel list - they did not
tried to contact upstream if there is possibility
to share some code, so it contains full LUKS reimplementation
(but it is good for other reasons, though).

For kernel dm-crypt - I really do not want here things
like "encrypted passphrase" or similar concepts.
(Until some certification process forces me:-)

But I would like to add here concept of "passphrase handle"
IOW userspace will just hand over handle (id)
to some other subsystem where the key is stored
(Could be kernel keyring, some token, whatever).

Milan