[pkg-cryptsetup-devel] Streamlining the boot process when using multiple volumes

Luke Faraone lfaraone at debian.org
Wed Jul 29 07:15:10 UTC 2015


Hi cryptsetup maintainers,

One often-requested[1] feature of cryptsetup is simplifying decrypting
multiple volumes which use the same passphrase.

Would a patch that adds a frontend to (or modifies) cryptsetup to
temporarily store a user-provided passphrase in e.g. the Linux key
retention service[2], attempt to reuse it for future volumes (if any),
and clear out stored keys before exiting the early boot process be
something that might be accepted?

From reading the responses to bug #707591[3], it looks like there were
some concerns about the storage of passphrases for longer than needed.
Relying on the kernel's API for key retention and management, I hope,
would assuage such concerns. 

Cheers,
Luke Faraone

(I am not subscribed to this list; please CC me on replies)

[1]: https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/139057
[2]: https://www.kernel.org/doc/Documentation/security/keys.txt
[3]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=707591
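
The flow proposed in the message above (prompt once, reuse the passphrase for later volumes, clear it before leaving early boot), as an added sketch that is not part of the original post or of the cryptsetup package. It uses the keyutils `keyctl` CLI; the function names, key description, timeout and askpass path are assumptions of this example.

```shell
#!/bin/sh
# Added sketch: reuse one passphrase for several LUKS volumes via the kernel keyring.
# All variable and function names below are assumptions of this example.
KEYCTL=${KEYCTL:-keyctl}                      # keyutils CLI
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}
ASKPASS=${ASKPASS:-/lib/cryptsetup/askpass}   # assumed prompt helper that writes to stdout
KEY_DESC=${KEY_DESC:-early-boot:passphrase}   # hypothetical key description
KEY_TTL=${KEY_TTL:-60}                        # kernel expires the key after this many seconds

# Print the id of the cached key; fail if none exists or it has expired.
find_key() {
    "$KEYCTL" search @u user "$KEY_DESC" 2>/dev/null
}

# Store the passphrase read from stdin and give it a short lifetime.
store_key() {
    id=$("$KEYCTL" padd user "$KEY_DESC" @u) || return 1
    "$KEYCTL" timeout "$id" "$KEY_TTL"
}

# Remove the cached key, if any. Call this before leaving early boot.
forget_key() {
    id=$(find_key) || return 0
    "$KEYCTL" unlink "$id" @u >/dev/null
}

# unlock_volume DEVICE NAME: try the cached passphrase first, prompt on a miss.
unlock_volume() {
    if id=$(find_key) &&
       "$KEYCTL" pipe "$id" | "$CRYPTSETUP" open --key-file=- "$1" "$2"; then
        return 0
    fi
    forget_key      # a cached passphrase that did not fit is dropped, not kept
    # The prompt output goes straight into the keyring, never into a shell variable.
    "$ASKPASS" "Passphrase for $1: " | store_key || return 1
    id=$(find_key) || return 1
    if "$KEYCTL" pipe "$id" | "$CRYPTSETUP" open --key-file=- "$1" "$2"; then
        return 0
    fi
    forget_key      # wrong passphrase: do not leave it cached
    return 1
}
```

A boot script would call `unlock_volume` once per volume and `forget_key` after the last one; the timeout is a backstop in case that final call is never reached.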