Using encrypted disks

Tom London selinux at gmail.com
Sun Apr 13 18:33:18 UTC 2008


On Sun, Apr 13, 2008 at 7:30 AM, Bruno Wolff III <bruno at wolff.to> wrote:
> On Sat, Apr 12, 2008 at 17:40:47 -0700,
>   Tom London <selinux at gmail.com> wrote:
>
> > On Sat, Apr 12, 2008 at 2:27 PM, Bruno Wolff III <bruno at wolff.to> wrote:
> > >
> > >  I am not sure what special about that casing is resulting in you not
> > >  getting prompted for a password, but udev (and its rules) would be
> > >  where you can customize this.
> > >
> > I think you misunderstand.
> >
> > I get prompted (via pop up window that identifies the drive and asks
> > for the password).   I attach a typical prompt window.
>
>  That is different than what I see. I get text prompts during the boot
>  process. (There are actually two parts to this since / and swap need to
>  get going before udev is started and two other encrypted partitions
>  get mounted by udev.) None of these supply the name of the file system
>  being dealt with. I was thinking of filing a bug, but didn't really want
>  to push the guys that spent a lot of time working on this so close to the
>  release. It really is a pretty minor thing compared to getting the feature
>  to work. Also I am not sure of what information is really available at
>  that point. There is a luks uuid, but I wasn't asked to enter any human
>  readable kind of label. In many cases the encryption will be right below
>  the file system and the mount point or label information may be readily
>  available, but in cases where people are separately encrypting each
>  element of a raid array, that information may not be as useful.
>

I've created a 'quick and dirty' patch to gnome-mount that adds the
device file name (e.g., "/dev/sdb3") to the dialog box, so now you get
both "drive name" and "dev-file name".

In my case, just this limited added information is enough for me to
enter the proper password/passphrase for devices that I plug in after
the system is booted and gnome is up.

I can certainly imagine some additional thinking about what is the
"right information" to display. And I can certainly believe that
different use cases may have different answers.

Does LUKS provide for a "comment" or "label" in the header (other than
the UUID)? If so, that combined with the UUID would be very helpful.

I've posted the "one liner" patch to
https://bugzilla.redhat.com/show_bug.cgi?id=231841

tom
-- 
Tom London




More information about the fedora-test-list mailing list