Mailinglist Archive: opensuse-features (291 mails)

< Previous Next >
[openFATE 307523] Make hard disk encryption configurable
  • From: fate_noreply@xxxxxxx
  • Date: Sat, 8 May 2010 11:20:48 +0200 (CEST)
  • Message-id: <feature-307523-7@xxxxxxxxxxxxxx>
Feature changed by: Tim - (timsheI)
Feature #307523, revision 7
Title: Make hard disk encryption configurable

openSUSE-11.3: Unconfirmed
Requester: Important

Requested by: Stephan Kleine (bitshuffler)

E.g. currently aes-cbc-essiv instead of aes-xts-plain is used because
it is the upstream default although it has a number of disadvantages.
That is perfectly fine as long as one could change the default.
In short the following features are needed:
1) Possibility to override used options during installation (also
should be setable via autoyast / kiwi so one doesn't have to change the
setting on every new install).
2) Possibility to override used options during partition creation.
3) Possibility to set the used default options in some /etc file.
IMHO a simple text field in the partitioner to override the used
options would perfectly suffice. Then safe & restore that field via
autoyast & kiwi and be done. The systemwide default should be stored in
some /etc/sysconfig file.
Related bug report:

+ Discussion:
+ #1: Tim - (timshei) (2010-05-08 11:20:05)
+ I agree with that and afaik aes-xts-plain should be also faster.
+ It would be also great if Yast offers an advanced configuration button
+ like in case of formatting where the user can change the key length
+ (128-256) and maybe the algorithm. I think the default should be aes-
+ xts-plain 512 (256 bit key length) though.

openSUSE Feature:

< Previous Next >
This Thread
  • No further messages