New subject: [Bug 1137056] Automatically add a custom generated key to initrd when installing to LVM/LUKS

1 Jun 2019

      http://bugzilla.opensuse.org/show_bug.cgi?id=1137056

            Bug ID: 1137056
           Summary: Automatically add a custom generated key to initrd
                    when installing to LVM/LUKS
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.1
          Hardware: x86-64
                OS: Other
            Status: NEW
          Severity: Enhancement
          Priority: P5 - None
         Component: Installation
          Assignee: yast2-maintainers@suse.de
          Reporter: alexander.shchadilov@gmail.com
        QA Contact: jsrain@suse.com
          Found By: ---
           Blocker: ---

If an encrypted system partition is configured during installation openSUSE
puts /boot inside of it. While this scheme has certain advantages from the
security side of things, it also brings an inconvenience of entering LUKS
password twice. This inconvenience can be circumvented through adding a custom
key that is used by system to access encrypted partitions; thus GRUB becomes
the only software that asks for password.

openSUSE wiki:
https://en.opensuse.org/SDB:Encrypted_root_file_system
http://web.archive.org/web/20190601195245/https://en.opensuse.org/SDB:Encryp...

Arch wiki:
https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#En...)
http://web.archive.org/web/20190522050457/https://wiki.archlinux.org/index.p...

So it is a feature request for an automated procedure during OS install. There
are no security drawbacks AFAIK.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

[Bug 1137056] New: Automatically add a custom generated key to initrd when installing to LVM/LUKS

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

bugzilla_noreply＠novell.com

tags

participants (1)