[pkg-cryptsetup-devel] Regarding bug#904899 and wanted interfaces

Teddy Hogeborn teddy+pkg-cryptsetup at recompile.se
Mon Aug 20 16:09:16 BST 2018 

Hi,
A while ago we as maintainers and developers of Mandos received a
friendly bug report (bug#904899) to not use the internal behavior of
cryptsetup during initramfs, and was encouraged to update to the new
documented interfaces and ask if we needed any extensions.

A brief summary of Mandos just to give context. Mandos enabled remote
and/or unattended reboots of servers with encrypted disk by providing
the password during initramfs automatically through the network (there
are more technical details but I am trying to keep it short). The
project was created in 2007 and has been included in Debian since 2008.

The above bug has been fixed: With the new interface of cryptroot-unlock
we now have the following process of interacting with cryptsetup:

1: Run a script in initramfs initdir "init-premount" and start a
   subprocess in the background in order to hide it from initramfs' init
   which would otherwise wait until the script ended.

2: The subprocess runs our client program, gets a password, and loops,
   running cryptroot-unlock repeatedly until it is ready and can accept
   a password.

3: Run a script in initramfs initdir "local-premount" which signals the
   subprocess that cryptsetup must have succeeded and the subprocess can
   now exit cleanly.

This process follows mostly the new documented interface from current
cryptsetup version in testing, through if cryptsetup changes which
initdir it runs in, our program would naturally break.

As a wishlist, it would be nice if there existed a plugin-style feature
for cryptsetup during initramfs. All that we need is to be started when
the password is needed and then closed when the device is decrypted. A
bonus would be to also get information about which device needs a
password, as currently there is an limitation in Mandos client of a
single FDE block device.

Teddy Hogeborn & Björn Påhlsson

-- 
The Mandos Project
https://www.recompile.se/mandos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/attachments/20180820/1921808a/attachment.sig>

More information about the pkg-cryptsetup-devel mailing list