[opensuse-arm] Creating an encrypted image
Hi, Would it be possible to create an image for a device, say the Chromebook to use an encrypted filesystem by default? I'm being asked by a partner that would be interested in using openSUSE on the Chromebook providing the filesystem can be encrypted. -- Andrew Wafaa IRC: FunkyPenguin GPG: 0x3A36312F -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
Am 15.01.2013 um 02:21 schrieb Andrew Wafaa <awafaa@opensuse.org>:
Hi,
Would it be possible to create an image for a device, say the Chromebook to use an encrypted filesystem by default? I'm being asked by a partner that would be interested in using openSUSE on the Chromebook providing the filesystem can be encrypted.
If you want to create an image with a preconfigured key, this question obviously goes to Marcus :). The more interesting use case imho is an image that encrypts itself on first boot though - and this should be possible using normal overlay files. The system would boot up, ask you for a password to encrypt itself with, convert its root partition to be encrypted and then reboots into encrypted mode. And yes, mkinitrd and friends do support LUKS already :). Alex
-- Andrew Wafaa IRC: FunkyPenguin GPG: 0x3A36312F -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
Alexander Graf wrote:
Am 15.01.2013 um 02:21 schrieb Andrew Wafaa <awafaa@opensuse.org>:
Would it be possible to create an image for a device, say the Chromebook to use an encrypted filesystem by default? I'm being asked by a partner that would be interested in using openSUSE on the Chromebook providing the filesystem can be encrypted.
If you want to create an image with a preconfigured key, this question obviously goes to Marcus :).
The more interesting use case imho is an image that encrypts itself on first boot though - and this should be possible using normal overlay files. The system would boot up, ask you for a password to encrypt itself with, convert its root partition to be encrypted and then reboots into encrypted mode.
And yes, mkinitrd and friends do support LUKS already :).
cryptsetup 1.5 as contained in Factory introduced a new tool to reencrypt LUKS volumes. There are also scripts for dracut to do the reencryption in initrd. Shouldn't be hard to port that feature to mkinitrd. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-arm+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-arm+owner@opensuse.org
participants (3)
-
Alexander Graf -
Andrew Wafaa -
Ludwig Nussel