Root filesystem encryption update
Thomas Swan
thomas.swan at gmail.com
Mon Jun 18 14:53:55 UTC 2007
The UUID works fine without bash for unencrypted ext3 partitions. The UUID
hack I am talking about is for finding which device to decrypt based on the
UUID of the LUKS partition.
On 6/18/07, Karsten Hopp <karsten at redhat.com> wrote:
>
> Thomas Swan schrieb:
> > Here's another go.
> >
> > This patch applies to the current mkinitrd SRPM set (except the
> > mkinitrd.spec file) and the patched mkinitrd package is available via
> > yum at < http://www.cygnetech.com/linux/repos/>
> >
> > I incorporated the feedback I have received and have changed the patches
> > to use options stored in /etc/sysconfig/mkinitrd.
> >
> > I have one option in development that will let you boot and reference
> > the root filesystem by UUID, but it's not finished yet. The current
> > developmental UUID hack relies on bash and find included in the initrd
> > image, but I want a static binary or cryptsetup patch.
> >
> > I'm also exploring creating some screens for anaconda, but that's a
> > steep learning curve.
> >
> > Should encryption be an option on the disk partition option or an option
> > to pick the type of installation right after the greeting?
> >
>
>
> UUID support needs a patch in e2fsprogs which I've submitted upstream for
> review some time ago. This makes bash hacks obsolete. My system is running
> with UUIDs only in fstab and crypttab, there are no hardcoded device names
> required anymore.
> Please note that I've achieved this with the mkinitrd patch available in
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124789 , but I'll
> take
> a look at your patch as well.
> There's also a wiki page about encryption at
> http://fedoraproject.org/wiki/Releases/FeatureEncryptedFilesystems
>
> Regards
>
> Karsten
>
>
> --
> Karsten Hopp | Mail: karsten at redhat.de
> Red Hat Deutschland | Tel: +49-711-96437-0
> Hauptstaetterstr.58 | Fax: +49-711-613590
> D-70178 Stuttgart | http://www.redhat.de
>
> --
> fedora-devel-list mailing list
> fedora-devel-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-devel-list
>
--
The early bird may get the worm, but the it's the second mouse that gets the
cheese.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20070618/fdfc871c/attachment.htm>
More information about the fedora-devel-list
mailing list