[Bug 1215504] Re: allow luks encrypted casper-rw persistent file (patch)

Ubuntu Foundations Team Bug Bot 1215504 at bugs.launchpad.net
Thu Aug 22 16:19:55 UTC 2013 

The attachment "luks-persistent-img.ubuntu.patch" seems to be a patch.
If it isn't, please remove the "patch" flag from the attachment, remove
the "patch" tag, and if you are a member of the ~ubuntu-reviewers,
unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to casper in Ubuntu.
https://bugs.launchpad.net/bugs/1215504

Title:
  allow luks encrypted casper-rw persistent file (patch)

Status in “casper” package in Ubuntu:
  New

Bug description:
  Currently the casper-rw persistent file can not be an encrypted
  container.  The distribution livecd would be a more valuable product,
  if it allowed persistence to an encrypted container.  The persistence
  feature of the livecd is very likely to be used on removable media,
  such as a usb flash drive.  These are generally small and thus easily
  lost or misplaced.  This could prove to be a security issue if it
  contains sensitive data.

  I've attached a patch which allows casper to detect when the casper-rw
  file is a luks encrypted container.  It will then ask the user for the
  password, unlock the container, and use the unencrypted device as if
  it were an unencrypted casper-rw.  This is a basic, self-contained
  solution to this issue.

  A better solution would be to re-use the "setup_mapping" function in
  /scripts/local-top/cryptroot from initramfstools to setup the crypto
  device.  However, it is currently not possible to source this function
  from another script because cryptroot calls "exit".

  What this patch does not support:
  * using a keyfile to decrypt the luks device
  * support for persistent, encrypted device partitions (must use an encrypted file on a supported filesystem)
  * support for other encrypted container formats (true-crypt, loop-aes, etc..)

  Reference:
  * http://ubuntuforums.org/showthread.php?t=1044182
  * http://ubuntuforums.org/showthread.php?t=1171612

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/casper/+bug/1215504/+subscriptions

More information about the foundations-bugs mailing list