[Buildroot] LKUS in buildroot 2023.02.9

[Buildroot] LKUS in buildroot 2023.02.9

[Zvi Vered]

[-- Attachment #1.1: Type: text/plain, Size: 346 bytes --]

Hello,

I'm booting an x86 Intel CPU using Linux 4.9.20 (32 bits) and buildroot
2023.02.9
I consider using LKUS in order to encrypt the disk.
Is it a wise decision ?

The motivation: If someone will steal the disk, it will be difficult to
copy its contents.

I can not use hardware encryption because I cannot replace the disk.

Thank you,
Zvika

[-- Attachment #1.2: Type: text/html, Size: 524 bytes --]

[-- Attachment #2: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] LKUS in buildroot 2023.02.9

[Peter Korsgaard]

>>>>> "Zvi" == Zvi Vered <veredz72@gmail.com> writes:

 > Hello,
 > I'm booting an x86 Intel CPU using Linux 4.9.20 (32 bits) and buildroot
 > 2023.02.9
 > I consider using LKUS in order to encrypt the disk.
 > Is it a wise decision ?

LKUS? Do you mean LUKS (Linux Unified Key Setup)? LUKS is good (but is
just a standard for describing the encryption meta data).

Any specific reason for using such an old Linux kernel version?


 > The motivation: If someone will steal the disk, it will be difficult to
 > copy its contents.

 > I can not use hardware encryption because I cannot replace the disk.

Like always with encryption, the difficult part is handling the
encryption key - Especially if the system is to boot unattended.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] LKUS in buildroot 2023.02.9

[Zvi Vered]

[-- Attachment #1.1: Type: text/plain, Size: 1110 bytes --]

Hi Peter,

Thank you for very much for your reply.

The reason for using 4.9.20 is that this is 6 years old system.
I cannot upgrade the kernel due to customer decision.

What do you mean by "is to boot unattended" ?

Thank you,
Zvika


On Wed, 31 Jan 2024, 00:03 Peter Korsgaard, <peter@korsgaard.com> wrote:

> >>>>> "Zvi" == Zvi Vered <veredz72@gmail.com> writes:
>
>  > Hello,
>  > I'm booting an x86 Intel CPU using Linux 4.9.20 (32 bits) and buildroot
>  > 2023.02.9
>  > I consider using LKUS in order to encrypt the disk.
>  > Is it a wise decision ?
>
> LKUS? Do you mean LUKS (Linux Unified Key Setup)? LUKS is good (but is
> just a standard for describing the encryption meta data).
>
> Any specific reason for using such an old Linux kernel version?
>
>
>  > The motivation: If someone will steal the disk, it will be difficult to
>  > copy its contents.
>
>  > I can not use hardware encryption because I cannot replace the disk.
>
> Like always with encryption, the difficult part is handling the
> encryption key - Especially if the system is to boot unattended.
>
> --
> Bye, Peter Korsgaard
>

[-- Attachment #1.2: Type: text/html, Size: 1845 bytes --]

[-- Attachment #2: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] LKUS in buildroot 2023.02.9

[Peter Korsgaard]

>>>>> "Zvi" == Zvi Vered <veredz72@gmail.com> writes:

 > Hi Peter,
 > Thank you for very much for your reply.

 > The reason for using 4.9.20 is that this is 6 years old system.
 > I cannot upgrade the kernel due to customer decision.

OK.

 > What do you mean by "is to boot unattended" ?

Encrypted disks means that you need to provide an encryption key.

On a normal PC this is normally done by interactively letting the user
type it in at each boot, but most embedded systems needs to be able to
boot unattended (E.G. without a user manually typing in a password), so
you need to store the encryption key somewhere safe.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot