lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2907407.5HaPOCmciK@natalenko.name>
Date:   Mon, 16 Apr 2018 00:25:22 +0200
From:   Oleksandr Natalenko <oleksandr@...alenko.name>
To:     Hansjoerg Lipp <hjlipp@....de>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [RFC] Passing luks passphrase from grub to systemd

Hi.

> as I'm stuck with a (non-EFI x86_64) system with encrypted root
> partition, I have to enter the passphrase twice (grub needs it for
> getting the kernel etc., systemd needs it for mounting the root
> partition). This can be quite inconvenient, especially if the passphrase
> is long and contains special characters, and grub assumes a different
> keyboard layout.

Just fill another LUKS slot with a randomly generated key file and add that 
file to your initramfs (which already resides on encrypted /boot, right?). If 
your distro cannot do that, you should probably fixing things there, not 
adding ugly hacks to the kernel.

Check how it is implemented in Arch, for instance [1]. I'm not sure whether 
this is currently possible with openSUSE, though.

Regards,
  Oleksandr

[1] https://klmlinks.wordpress.com/2016/03/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ