[Bug 1223622] Re: add support for crypttab mounting of luks devices with detached headers

Attila Lendvai attila.lendvai at gmail.com
Tue Dec 15 11:30:38 UTC 2015


security risk? that doesn't make much sense... in normal installs both
/boot and the luks headers are lying there on the disks unencrypted. i
don't see how packing the luks headers into the initramfs (/boot) could
make that any worse?

i'm not a linux guru by any means, but AFAIU:

  - grub loads the kernel and the initramfs (from /boot, but not as a
    normal mount, but as some lower level infrastructure)

  - jumps to the kernel entry point address, passing it the initramfs
    as a memory address. at this point nothing is mounted.

  - boot scripts in initramfs start to get executed and reach the
    point of mounting rootfs. at this point /boot is probably not
    mounted yet, but i don't see any obvious obstacles why it couldn't
    be mounted before the rootfs, except that i have no clue about how
    linux mounts work. rootfs gets mounted as / after all, maybe that's
    a headache if there's stuff like /boot already mounted.

thanks for looking into this! plausible deniability is becoming more
and more important now that people go to jail even in the western
"free" democracies for as little as not giving out passwords...

-- 
https://bugs.launchpad.net/bugs/1223622

Title:
  add support for crypttab mounting of luks devices with detached
  headers

Status in cryptsetup package in Ubuntu:
  Confirmed

Bug description:
  A detached luks header for a luks device is a new feature in
  cryptsetup 1.4.  This is a feature request to allow the unlocking of
  luks devices with detached headers, both as a root device (ie in the
  initrd) as well as using the init system.

  The attached patch only solves part of the issue, support in the init
  system.
