[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #57678] Add a possibility to transfer passphrase to OS when unlocki
From: |
Alexander Shchadilov |
Subject: |
[bug #57678] Add a possibility to transfer passphrase to OS when unlocking encrypted container |
Date: |
Mon, 27 Jan 2020 09:12:29 -0500 (EST) |
User-agent: |
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36 |
URL:
<https://savannah.gnu.org/bugs/?57678>
Summary: Add a possibility to transfer passphrase to OS when
unlocking encrypted container
Project: GNU GRUB
Submitted by: kadilov
Submitted on: Пн. 27 янв. 2020 14:12:27
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Feature Request
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release:
Release: 2.02
Reproducibility: None
Planned Release: None
_______________________________________________________
Details:
Currently using GRUB with GRUB_ENABLE_CRYPTODISK option for unlocking
encrypted device may lead to a scenario when user needs to enter passphrase
twice, once for GRUB and once for OS booting software. If LUKS is used, a
common workaround that improves user experience involves generating a LUKS key
that is permanently stored inside the encrypted container.
Having a way to securely transfer the passphrase to OS would make possible a
more streamlined configuration.
Workarounds described in community documentation of Linux distributions:
https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#With_a_keyfile_embedded_in_the_initramfs
https://en.opensuse.org/SDB:Encrypted_root_file_system
This suggestion was originally posted by Andreas Stieger on openSUSE bug
tracker:
https://bugzilla.suse.com/show_bug.cgi?id=1137056#c1
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?57678>
_______________________________________________
Сообщение отправлено по Savannah
https://savannah.gnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [bug #57678] Add a possibility to transfer passphrase to OS when unlocking encrypted container,
Alexander Shchadilov <=