
Re: Root filesystem encryption update





On 6/19/07, Peter Jones <pjones redhat com> wrote:
Tony Nelson wrote:
> At 4:50 PM -0500 6/18/07, Bruno Wolff III wrote:
>> On Mon, Jun 18, 2007 at 16:51:55 -0400,
>>  Jeremy Katz <katzj redhat com> wrote:
>>> On Mon, 2007-06-18 at 14:07 -0500, Bruno Wolff III wrote:
>  ...
>>>> Heck, for key maps there probably aren't so many that you can't try
>>>> multiple possibilities after getting the password.
>>> There are at least 30-40 that we allow in the installer alone at the
>>> console.  find /lib/kbd/keymaps/i386 -type f | wc -l gives around 140.
>>> I don't think that trying either is really that practical.
>> 40 probably isn't too many to make trying them all impractical. I expect
>> that it will take less than a second to try each one even with measures
>> to slow down password guessing. That's not nice for suspend resume, but
>> wouldn't be a deal breaker for initial boots.
>  ...
>
> Couldn't it just start with the one that worked last time?

Not really.  We need to ask for the passphrase during thaw, in the
initrd.  At that time, the filesystem containing /boot is in the mounted
state, so we can't mount it to write the data anywhere.  There's also no
mechanism to pass data from the running kernel to the one we're
restoring into memory, which means we can't save the data during the
userland thaw sequence, either.

I think we might be putting the cart before the horse. A user would be thawing from hibernation on a machine with an *existing* installation. Therefore language and keymaps would have been chosen (during installation) prior to the hibernate operation.

Could it be possible to store the keyboard map in the initrd? During the install we select all of these. So, adding an option to /etc/sysconfig/mkinitrd for KEYMAP and/or LANGUAGE and saving/loading it in the initrd (by regeneration) after installation should be pretty straightforward. We could switch to the encryption options after keyboard/language has been selected/loaded.

Is this even plausible?


--
The early bird may get the worm, but it's the second mouse that gets the cheese.