Using encrypted disks
Tom London
selinux at gmail.com
Sun Apr 13 18:33:18 UTC 2008
On Sun, Apr 13, 2008 at 7:30 AM, Bruno Wolff III <bruno at wolff.to> wrote:
> On Sat, Apr 12, 2008 at 17:40:47 -0700,
>   Tom London <selinux at gmail.com> wrote:
> > On Sat, Apr 12, 2008 at 2:27 PM, Bruno Wolff III <bruno at wolff.to> wrote:
> > >
> > > I am not sure what special about that casing is resulting in you not
> > > getting prompted for a password, but udev (and its rules) would be
> > > where you can customize this.
> > >
> > I think you misunderstand.
> >
> > I get prompted (via pop up window that identifies the drive and asks
> > for the password). I attach a typical prompt window.
>
> That is different than what I see. I get text prompts during the boot
> process. (There are actually two parts to this since / and swap need to
> get going before udev is started and two other encrypted partitions
> get mounted by udev.) None of these supply the name of the file system
> being dealt with. I was thinking of filing a bug, but didn't really want
> to push the guys that spent a lot of time working on this so close to the
> release. It really is a pretty minor thing compared to getting the feature
> to work. Also I am not sure of what information is really available at
> that point. There is a luks uuid, but I wasn't asked to enter any human
> readable kind of label. In many cases the encryption will be right below
> the file system and the mount point or label information may be readily
> available, but in cases where people are separately encrypting each
> element of a raid array, that information may not be as useful.
>
I've created a 'quick and dirty' patch to gnome-mount that adds the
device file name (e.g., "/dev/sdb3") to the dialog box, so now you get
both "drive name" and "dev-file name".

In my case, just this limited added information is enough for me to
enter the proper password/passphrase for devices that I plug in after
the system is booted and gnome is up.

I can certainly imagine some additional thinking about what is the
"right information" to display. And I can certainly believe that
different use cases may have different answers.

Does Luks provide for a "comment" or "label" in the header (other than
the UUID)? If so, that combined with the UUID would be very helpful.

I've posted the "one liner" patch to
https://bugzilla.redhat.com/show_bug.cgi?id=231841

tom
--
Tom London