[pkg-cryptsetup-devel] Bug#589641: cryptsetup: keyscripts depending on /usr/* content fail when /usr is encrypted and not on the root-filesystem

Christoph Anton Mitterer calestyo at scientia.net
Mon Jul 19 13:37:41 UTC 2010


Package: cryptsetup
Version: 2:1.1.3-1
Severity: important


Hi.

I have not tried this out, nevertheless I'm quite sure it happens as I describe:

- In Debian, it's totally ok to have /usr on non-root-filesystems (even remote filesystems are ok,
  but I guess that's rather stupid when it comes to disk encryption).

- It's also completely ok (and very reasonable in order to secure against offline attacks)
  to encrypt /usr.

- Many keyscripts depend on content within /usr (e.g. my personal OpenPGP key scripts, or openct,
  opensc and openssl).


It's quite obvious that this will fail:
The root-fs itself can be well decrypted (everything needed is in the initramfs), but then
we pivot root, and all that stuff is gone... as soon as we try to decrypt any other device which
uses a keyscript with dependencies in /usr,.. (e.g. /usr-fs itself)... we'll fail.


I guess there is no solution but one:
Decrypt all such devices in the initramfs image.

But this has of course many problems:
a) In case we support multilayered block devices,... (as described here:
   http://wiki.debian.org/AdvancedStartupShutdownWithMultilayeredBlockDevices )
   we're fucked ^^... well at least everything gets extremely complicated
b) If we'd already mount more than just root-fs during initramfs... will the
   normal init-system boot break?


Cheers,
Chris.
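
An added example, not part of the original message or of cryptsetup: a shell check an administrator could run to find crypttab entries exposed to the failure described above, that is, entries whose keyscript refers to /usr while fstab mounts /usr as a separate filesystem. The function names are hypothetical, and the check is a heuristic that does not know which devices the initramfs already unlocks.

```shell
#!/bin/sh
# Added example (not from the bug report): list crypttab targets whose
# keyscript refers to /usr while fstab mounts /usr as its own filesystem.
# Heuristic: only the script's path and text are searched for "/usr/";
# libraries pulled in by a compiled helper are not resolved.

# usr_is_separate FSTAB: succeed if FSTAB has an entry mounted exactly at /usr.
usr_is_separate() {
    awk '$1 !~ /^#/ && $2 == "/usr" { found = 1 } END { exit !found }' "$1"
}

# keyscript_of OPTIONS: print the keyscript= value of a crypttab option field.
keyscript_of() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^keyscript=//p' | head -n 1
}

# audit_crypttab CRYPTTAB FSTAB [SCRIPTDIR]: print one at-risk target per line.
# SCRIPTDIR is where relative keyscript names are looked up (Debian default).
audit_crypttab() {
    crypttab=$1
    fstab=$2
    scriptdir=${3:-/lib/cryptsetup/scripts}
    usr_is_separate "$fstab" || return 0   # /usr on the root fs: nothing to flag
    while read -r target source keyfile options; do
        case $target in ''|'#'*) continue ;; esac
        script=$(keyscript_of "$options")
        [ -n "$script" ] || continue
        case $script in /*) ;; *) script=$scriptdir/$script ;; esac
        case $script in /usr/*) echo "$target"; continue ;; esac
        if [ -r "$script" ] && grep -q '/usr/' "$script"; then
            echo "$target"
        fi
    done < "$crypttab"
}

# Run as: sh audit.sh /etc/crypttab /etc/fstab
if [ "$#" -ge 2 ]; then
    audit_crypttab "$@"
fi
```
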




