[Bug 1215504] Re: allow luks encrypted casper-rw persistent file (patch)

Ed N. ed056 at hotmail.com
Sat Jun 18 12:09:20 UTC 2016 

This would be a very useful feature.  I avoid using persistence due to
security concerns if the usb is lost and things line my Ubuntu One login
were on it. (which has happened to me.) The fix looks trivial to me and
I'm sure it would get a lot of usage if available and known.

This article covers the change needed.
https://archimedesden.wordpress.com/2013/09/12/encrypted-persistent-storage-on-ubuntu-livecd/

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to casper in Ubuntu.
https://bugs.launchpad.net/bugs/1215504

Title:
  allow luks encrypted casper-rw persistent file (patch)

Status in casper package in Ubuntu:
  Triaged

Bug description:
  Currently the casper-rw persistent file can not be an encrypted
  container.  The distribution livecd would be a more valuable product,
  if it allowed persistence to an encrypted container.  The persistence
  feature of the livecd is very likely to be used on removable media,
  such as a usb flash drive.  These are generally small and thus easily
  lost or misplaced.  This could prove to be a security issue if it
  contains sensitive data.

  I've attached a patch which allows casper to detect when the casper-rw
  file is a luks encrypted container.  It will then ask the user for the
  password, unlock the container, and use the unencrypted device as if
  it were an unencrypted casper-rw.  This is a basic, self-contained
  solution to this issue.

  A better solution would be to re-use the "setup_mapping" function in
  /scripts/local-top/cryptroot from initramfstools to setup the crypto
  device.  However, it is currently not possible to source this function
  from another script because cryptroot calls "exit".

  What this patch does not support:
  * using a keyfile to decrypt the luks device
  * support for persistent, encrypted device partitions (must use an encrypted file on a supported filesystem)
  * support for other encrypted container formats (true-crypt, loop-aes, etc..)

  Reference:
  * http://ubuntuforums.org/showthread.php?t=1044182
  * http://ubuntuforums.org/showthread.php?t=1171612

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/casper/+bug/1215504/+subscriptions

More information about the foundations-bugs mailing list