grub-devel.gnu.org archive mirror
From: TJ <grub-devel@iam.tj>
To: grub-devel@gnu.org
Subject: Re: LUKS Encryption and Fingerprint readers?
Date: Sat, 31 Aug 2013 10:09:02 +0100
Message-ID: <5221B2AE.3000304@iam.tj>
In-Reply-To: <20130830142200.3cbeb0b0@crass-Ideapad-Z570>

On 30/08/13 20:22, Glenn Washburn wrote:
>> I'd still like GRUB to be able to read a key-file rather than a typed
>> pass-phrase, and have the key-file hidden on a (second) small (1GB)
>> randomised-data USB flash device (no file-system) so even the
>> operator can't be sure where to find the bytes that unlock it.
> 
> Again.  If your initrd and kernel are unencrypted on the USB, then you
> don't need keyfile support or any encryption support in grub. 

The USB device(s) will be encrypted.

>> If we can figure it out we'd like to be able to configure/unlock
>> different LVM volumes based on which LUKS slot is used to unlock,
>> too, and log the LUKS attempts from GRUB.
> 
> This really doesn't make sense.  LVM volumes aren't "unlocked", LUKS
> volumes sure.

There will be multiple layers of encryption using different keys. The LVMs within the whole-disk encryption will have different keys. Not all users will have access to the same collection of keys.

It doesn't look too difficult to add patches to achieve what I'm aiming for.

