[Pkg-cryptsetup-devel] Re: Status of partman-crypto
Jonas Meurer
jonas at freesources.org
Mon Mar 6 21:06:33 UTC 2006
On 06/03/2006 Max Vozeler wrote:
> Here is a rough overview of the current status and my plans for
> it. I'm CCing cryptsetup maintainers to ask if you guys would
> be interested in helping with LUKS support in partman-crypto -
> please see below for more about this.

generally yes, i'd be glad to help with cryptdisk support in
debian-installer. i cannot speak for the other members of the
pkg-cryptsetup team, but i believe that especially work related to
cryptsetup and LUKS could be done by us.

> [...]
> 2. cryptsetup-LUKS support
>
> Work has not started on this yet.
>
> My estimation is that it won't be difficult to get working.
> I don't have much experience with cryptsetup and don't know
> enough about what are considered best practices, so I've not
> started to work on this myself. I would be very happy to join
> forces with people knowledgeable about it and extend/change
> partman-crypto and get it working.
>
> This is a call and offer for help with LUKS :-) Please get
> in touch if you are interested. It would be great to have a
> chat about how this support would look. Since I have some
> free time in the next weeks, I'll start to look into this
> and send lots of questions to cryptsetup maintainers :-)

don't hesitate to send questions. but i'm not sure where to start
currently. i read the partman-crypto wiki page, the meeting logs and the
README file in partman-crypto svn, but i'm not sure that i understood how
partman works. is partman a native d-i project, or is it a third-party
software that is used in d-i?

also, what exactly is partman-crypto intended to do?
- configure a partition as encrypted, specify type (loop-aes, dm-crypt,
  luks), cypher
- prepare the partition for encryption (initialize a LUKS partition,
  choose a passphrase or key)
- start the decryption, make the decrypted device available in a way
  that it can be mounted
- configure the system in a way that this is kept after reboot.
anything else?

> 3. Random sources for key generation.
>
> For loop-AES it is essential that we have a good source of
> entropy to allow us to extract the required amount of random
> key data from /dev/random in finite time. Currently the low
> amount of entropy inside d-i makes the key generation block
> for a long time. (I'm not sure how important this point is
> for key generation in LUKS setups.)

for LUKS setup this point is quite unimportant, but for preparing such a
setup it might be important. as far as i know, cryptsetup itself doesn't
use random entropy, but i might be wrong.

but ideally the device should be filled with random data before it is
initialized as encrypted (choose_partition/crypto in the README). this
indeed needs lots of random entropy.

another issue is encrypted swap/tmp partitions. they should not have a
persistent key. ideally they use /dev/random as key. this makes them
incompatible with luks (luks needs a persistent key), but with plain
dm-crypt devices there is no problem.

> The plan here is to solicit input from people who maintain
> packages related to entropy gathering in Debian, and find a
> solution that will make the key generation less painful. This
> may be possible to do by having a daemon like rngd that is fed
> from hardware rngs, audio-entropyd, video-entropyd and other
> potential sources depending on their availability.

sounds like a good plan ;-)
...
jonas
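
Added example, not part of the original message or of partman-crypto: a small check that applies the swap/tmp rule discussed above (no persistent key, hence plain dm-crypt rather than LUKS) to crypttab-style lines. The field layout follows crypttab(5); the function names and the sample entries are constructed for illustration, and accepting /dev/urandom alongside /dev/random as a throwaway key source is an assumption.

```shell
#!/bin/sh
# Audit crypttab(5)-style entries: swap/tmp mappings should take a
# throwaway key from the kernel RNG and must not be LUKS volumes.
# Assumed field layout: <target> <source device> <key file> <options>

# Constructed sample input (hypothetical devices and paths).
sample_crypttab() {
cat <<'EOF'
# <target> <source> <key file> <options>
cswap   /dev/sda2  /dev/urandom        swap,size=256
ctmp    /dev/sda3  /dev/random         tmp
cswap2  /dev/sdb2  /etc/keys/swap.key  swap
cswap3  /dev/sdb3  none                luks,swap
croot   /dev/sda5  none                luks
EOF
}

# Reads crypttab lines on stdin and prints "<target> <verdict>" for every
# mapping marked swap or tmp. Verdicts:
#   ok                         key is read fresh from the kernel RNG
#   persistent-key             key survives reboot (file or passphrase)
#   luks-needs-persistent-key  LUKS cannot work with a throwaway key
audit_crypttab() {
    awk '
    /^[ \t]*#/ { next }      # comment line
    NF == 0    { next }      # blank line
    {
        volatile = 0; luks = 0
        n = split($4, o, ",")
        for (i = 1; i <= n; i++) {
            if (o[i] == "swap" || o[i] == "tmp" || o[i] ~ /^tmp=/) volatile = 1
            if (o[i] == "luks") luks = 1
        }
        if (!volatile) next  # persistent volumes are out of scope here
        if (luks)
            print $1, "luks-needs-persistent-key"
        else if ($3 == "/dev/random" || $3 == "/dev/urandom")
            print $1, "ok"
        else
            print $1, "persistent-key"
    }'
}

sample_crypttab | audit_crypttab
```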