[pkg-cryptsetup-devel] contribution offer - LUKS system encryption with detached header

Jonas Meurer jonas at freesources.org
Thu Oct 25 06:59:50 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Jim,

Am 24.10.2012 03:44, schrieb Jim F:
> I modified a couple of initramfs-tools scripts to allow system 
> encryption with a detached LUKS header. Everything but /boot is 
> encrypted and the header can be either a partition, or a file in
> the initrd in /boot. So /boot and the header can be on a separate
> device, e.g. a USB thumb drive, and the system drive can have only
> encrypted data with no indication that it's LUKS encrypted.

sounds interesting. How did you implement support for detachted LUKS
header? Please send your patches to this list.

> I'm writing to see if the changes can be made part of the
> cryptsetup package.
> 
> I did this some months ago so I have the modified 1.1.3 scripts
> working with the 1.4.1 cryptsetup I built which was the latest at
> the time. I was thinking about applying the changes to 1.4.3 which
> is what Debian testing currently has. But 1.5.1 has just been
> released so I thought I'd check to see which version you suggest
> making the changes to.

cryptsetup 1.5 is not packaged for Debian yet, and I don't intend to
do so in time for wheezy. 1.5 introduced a new binary (verifysetup). I
think it's too late in release process to push that new version into
wheezy.

You can either patch the latest Cryptsetup package in Debian/Unstable
(2:1.4.3-2) or use
http://svn.debian.org/wsvn/pkg-cryptsetup/cryptsetup/trunk

Greetings,
 jonas


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQiONfAAoJEFJi5/9JEEn+sdIP/jpjJYC2gkB2CvIX7ZaUgwGK
AtUsVu/di3htA4QVhr2wadqQHBF4oAICFzCUAZ31D2BpEC0zEeNB71SRmsi9q21A
qNByLMC6YZ9dFCFRNEfHrBfCgT9lWqVMBVWjor1QTdZW1uY00T+EAQovqAycIzsX
Q+JvDWnWVgaz5ueeEjxOuR7qb3oUiPUW/rcU5aO/liseBPpPTwfe/AoXvdsOMhwf
XwJz/UzTOpeFBW6C22SoI1D1z3Us8hjHAIASLDV/DQ1b+c5LuMudJ2DANjjyFKtk
jZX2dEOnr8kXn8bodkGOVNMJeWNgsOZYD9BfJpl+A9dpdJ10oEsUNKv8jpCZQV6X
TrLtNZH1So0w+DOVVaLSKMWFrXT+yw1p57ftdCxJGC9yDDJYwWtDq3p+R0K57Mt9
BTQmxcmjGlw8jB4yd3jKJlkeEdGhVHpBh/ij9sIGk9lTWHek0ZuKnrReQUvhnFYh
PGtlunpIipGB3SjuWcFQ+UUcqaAa5HvDwzt3+KfI+jkSb9qj+2HK6c+W7loVNde0
OT00rmXfAy2H3ChcQKWqwqq5HdnyGxyNc8aaBuEtFg1BqAQtUalz2Uk27+twIe0S
sMCApbwvVHWCiWJRBxNuvCOX9nYtZmlKNu95B85s+31GH7Gf16LNJiziQeUREXcl
2gP/K+FOgs0uaj4P25G6
=XqsS
-----END PGP SIGNATURE-----



More information about the pkg-cryptsetup-devel mailing list