[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Unencrypted boot with encrypted root

From: Ludovic Courtès
Subject: Re: Unencrypted boot with encrypted root
Date: Tue, 07 Apr 2020 11:46:27 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)


Ellen Papsch <address@hidden> skribis:

> Am Samstag, den 04.04.2020, 12:18 +0200 schrieb pelzflorian (Florian
> Pelz):
>> Could key files help in passing the passphrase on to the
>> Linux kernel?  The Arch Wiki says this: [...]
> The key file would be another means of decrypting the master key, if I
> understand LUKS correctly. It would be independent of the passphrase.
> (In LUKS terminology, two slots are used).
> It would definitely help usability not having to enter a passphrase
> twice. The GUI/TUI installer should take care generating the file and
> ensuring strict permissions, so user processes cannot read it. There is
> still some risk, because root processes could read it. If the installer
> would support an external medium for the file, that would be best
> (IMHO).

The difficulty is that any file traveling through the store is
world-readable.  It’s hard to avoid.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]