[pkg-cryptsetup-devel] Bug#969286: cryptsetup-suspend: Make it possible to exclude key from initramfs
Birger Schacht
birger at debian.org
Sun Aug 30 20:24:43 BST 2020
Package: cryptsetup-suspend
Version: 2:2.3.3-3+exp1
Severity: normal
X-Debbugs-Cc: birger at debian.org
Dear Maintainer,
when having /boot on an encrypted root partition and adding a key to a
second key slot (as described in [0]) cryptsetup-suspend uses this key
to unlock the volume on resume.
This defeats the purpose of cryptsetup-suspend (at list in my threat
model ;) ) - maybe there can be an option to *not* include the key in
the initramdisk in the case of cryptsetup-suspend and it is only
possible to unlock on resume using a password?
cheers,
Birger
[0] https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html#avoiding-the-extra-password-prompt
-- Package-specific info:
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages cryptsetup-suspend depends on:
ii cryptsetup-initramfs 2:2.3.3-1
ii libc6 2.31-3
ii libcryptsetup12 2:2.3.3-1+b1
ii systemd 246-2
cryptsetup-suspend recommends no packages.
cryptsetup-suspend suggests no packages.
-- no debconf information
More information about the pkg-cryptsetup-devel
mailing list