From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mbroz@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Mon, 23 May 2011 09:09:52 +0200 (CEST)
Received: from int-mx12.intmail.prod.int.phx2.redhat.com
 (int-mx12.intmail.prod.int.phx2.redhat.com [10.5.11.25])
 by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id p4N79pBT029081
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
 for <dm-crypt@saout.de>; Mon, 23 May 2011 03:09:51 -0400
Received: from [10.36.7.233] (vpn1-7-233.ams2.redhat.com [10.36.7.233])
 by int-mx12.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id
 p4N79nsw020483
 for <dm-crypt@saout.de>; Mon, 23 May 2011 03:09:50 -0400
Message-ID: <4DDA083D.801@redhat.com>
Date: Mon, 23 May 2011 09:09:49 +0200
From: Milan Broz <mbroz@redhat.com>
MIME-Version: 1.0
References: <1306079582.2173.6.camel@localhost>
 <20110523001308.GB1338@tansi.org> <1306121752.2138.43.camel@localhost>
In-Reply-To: <1306121752.2138.43.camel@localhost>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Boot from fully encrypted disk which looks like
	unused
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
Cc: dm-crypt@saout.de

One simple change will be support for detached LUKS header in some
next version of cryptsetup.
So you can have header on separate (USB or so) device or in file.
The unlocked drive then does not contain any visible metadata then.

Milan