[pkg-cryptsetup-devel] Announcement: Mandos - do unattended reboots with encrypted root

Teddy Hogeborn teddy+pkg-cryptsetup at fukt.bsnet.se
Sat Oct 18 19:49:50 UTC 2008


(Resend without PGP encryption which apparently confused pipermail.)

Hi there; I just wanted all you cryptsetup folks to know about our new
free software project using cryptsetup: Mandos.

The goal of the Mandos system is to enable computers to have an
encrypted root file system and still be able to reboot automatically
without anyone having to be there and type in a password.

The computers run a small client program in the initial RAM disk
environment which will communicate with a server over a network.  All
network communication is encrypted using TLS.  The clients are
identified by the server using an OpenPGP key; each client has one
unique to it.  The server sends the clients an encrypted password.
The encrypted password is decrypted by the clients using the same
OpenPGP key, and the password is then used to unlock the root file
system, whereupon the computers can continue booting normally.

The server with the passwords continually checks that the client
computers are still up, and if the client is gone for more than a
configurable length of time, the server no longer gives out the
password for that client.

Please read the FAQ in the README file for more information on the
security model:
http://bzr.fukt.bsnet.se/loggerhead/mandos/trunk/annotate/head:/README

Oh yes, the project's home page:  http://www.fukt.bsnet.se/mandos

We use the Debian-specific features of the cryptsetup package for
installing into the initial RAM disk image.  We also replace and
supplant the functionality currently supplied by the "askpass"
program; we instead use a system of plugins started in parallel - see
the web site, README file, and the documentation for the plugin runner
program for more information:
http://www.fukt.bsnet.se/mandos/man/plugin-runner.8mandos

We *are* looking for a sponsor for our Debian package; see here:
http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=mandos

I just thought you might find it interesting.

/Teddy, part of the Mandos Maintainer Team
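
The release rule described in the announcement (the server stops giving out a client's password once the client has been gone longer than a configurable time), sketched as an added example that is not part of the original message and is not Mandos code. Class and method names, the 300-second timeout, the key IDs and the ciphertext bytes are constructed; treating the cut-off as a latch that stays set is this example's assumption.

```python
from dataclasses import dataclass


@dataclass
class Client:
    encrypted_secret: bytes  # OpenPGP ciphertext; only the client can decrypt it
    last_seen: float         # time of the last successful liveness check
    enabled: bool = True


class SecretServer:
    """Toy model of the release rule; all names here are hypothetical."""

    def __init__(self, timeout):
        self.timeout = timeout  # the "configurable length of time", in seconds
        self.clients = {}

    def add_client(self, key_id, encrypted_secret, now):
        self.clients[key_id] = Client(encrypted_secret, now)

    def _expire(self, client, now):
        # Assumption: the cut-off latches, so a late check cannot revive a client.
        if now - client.last_seen > self.timeout:
            client.enabled = False

    def checked_ok(self, key_id, now):
        """Record a successful liveness check of a running client."""
        client = self.clients[key_id]
        self._expire(client, now)
        if client.enabled:
            client.last_seen = now

    def request_secret(self, key_id, now):
        """A booting client, identified by its key, asks for its secret."""
        client = self.clients.get(key_id)
        if client is None:
            return None  # unknown key: nothing to give out
        self._expire(client, now)
        return client.encrypted_secret if client.enabled else None


def demo():
    srv = SecretServer(timeout=300)
    srv.add_client("KEY-A", b"<ciphertext A>", now=0)  # constructed sample data
    srv.add_client("KEY-B", b"<ciphertext B>", now=0)
    srv.checked_ok("KEY-A", now=200)                   # A is seen alive, B is not
    results = [srv.request_secret("KEY-A", now=400),   # gone 200 s: released
               srv.request_secret("KEY-B", now=400)]   # gone 400 s: refused
    srv.checked_ok("KEY-B", now=410)                   # too late to count
    results.append(srv.request_secret("KEY-B", now=420))
    results.append(srv.request_secret("KEY-C", now=420))  # never registered
    return results
```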


