grub-devel

Re: LUKS Encryption and Fingerprint readers?


From: TJ
Subject: Re: LUKS Encryption and Fingerprint readers?
Date: Sat, 31 Aug 2013 10:09:02 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8

On 30/08/13 20:22, Glenn Washburn wrote:
>> I'd still like GRUB to be able to read a key-file rather than a typed
>> pass-phrase, and have the key-file hidden on a (second) small (1GB)
>> randomised-data USB flash device (no file-system) so even the
>> operator can't be sure where to find the bytes that unlock it.
> 
> Again.  If your initrd and kernel are unencrypted on the USB, then you
> don't need keyfile support or any encryption support in grub. 

The USB device(s) will be encrypted.

>> If we can figure it out we'd like to be able to configure/unlock
>> different LVM volumes based on which LUKS slot is used to unlock,
>> too, and log the LUKS attempts from GRUB.
> 
> This really doesn't make sense.  LVM volumes aren't "unlocked", LUKS
> volumes sure.

There will be multiple layers of encryption using different keys. The LVMs 
within the whole-disk encryption will have different keys. Not all users will 
have access to the same collection of keys.

It doesn't look too difficult to add patches to achieve what I'm aiming for.


