[Bug 1137056] New: Automatically add a custom generated key to initrd when installing to LVM/LUKS
http://bugzilla.opensuse.org/show_bug.cgi?id=1137056

Bug ID: 1137056
Summary: Automatically add a custom generated key to initrd when installing to LVM/LUKS
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: x86-64
OS: Other
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Installation
Assignee: yast2-maintainers@suse.de
Reporter: alexander.shchadilov@gmail.com
QA Contact: jsrain@suse.com
Found By: ---
Blocker: ---

If an encrypted system partition is configured during installation, openSUSE puts /boot inside of it. While this scheme has certain advantages from the security side of things, it also brings the inconvenience of entering the LUKS password twice.

This inconvenience can be circumvented by adding a custom key that is used by the system to access encrypted partitions; thus GRUB becomes the only software that asks for the password.

openSUSE wiki:
https://en.opensuse.org/SDB:Encrypted_root_file_system
http://web.archive.org/web/20190601195245/https://en.opensuse.org/SDB:Encryp...

Arch wiki:
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#En...)
http://web.archive.org/web/20190522050457/https://wiki.archlinux.org/index.p...

So it is a feature request for an automated procedure during OS install. There are no security drawbacks AFAIK.

-- 
You are receiving this mail because: You are on the CC list for the bug.
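A check an administrator might run after a key file has been embedded in the initrd as requested above; this is an added example, not part of the bug report or of YaST. It reports a key file or initrd that group or other users can access and a key file that crypttab does not reference. The function name and the three paths passed to it are assumptions, and GNU find is assumed.

```shell
#!/bin/sh
# Added example: audit a LUKS key file that is embedded in the initrd.
# Usage (paths are supplied by the caller, none are taken from the report):
#   sh audit.sh KEYFILE INITRD CRYPTTAB

# Print one line per finding and return the number of findings (0 = clean).
audit_luks_keyfile() {
    keyfile=$1
    initrd=$2
    crypttab=$3
    findings=0

    # The key unlocks the volume, and the initrd carries a copy of it, so
    # neither file may grant any permission bit to group or other.
    for f in "$keyfile" "$initrd"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            findings=$((findings + 1))
        elif [ -n "$(find "$f" -maxdepth 0 -perm /077)" ]; then
            echo "EXPOSED  $f is accessible to group or other"
            findings=$((findings + 1))
        fi
    done

    # crypttab fields: name, device, key file, options.
    # A key file that no uncommented entry names is never used at boot,
    # so the second passphrase prompt would still appear.
    if ! awk -v k="$keyfile" \
        '$1 !~ /^#/ && $3 == k { found = 1 } END { exit !found }' \
        "$crypttab" 2>/dev/null; then
        echo "UNUSED   $keyfile is not referenced in $crypttab"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Run the audit only when the three paths are given on the command line.
if [ "$#" -eq 3 ]; then
    audit_luks_keyfile "$@"
fi
```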
http://bugzilla.opensuse.org/show_bug.cgi?id=1137056#c1
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1137056#c2
Neil Rickert
http://bugzilla.opensuse.org/show_bug.cgi?id=1137056#c9
Andreas Stieger
This actually needs JIRA entry and everyone involved to design and discuss it there (please).
That is SUSE internal, so no involvement of the community required on this I guess.