
Add rd.luks.data & header option

Open ghost opened this issue 4 years ago • 5 comments

Couldn't figure out why this wasn't working until I looked at the source. Please see here:

https://www.freedesktop.org/software/systemd/man/systemd-cryptsetup-generator.html

ghost avatar Feb 14 '21 02:02 ghost

Thank you for the request. My understanding is that it is a way to handle LUKS partitions with detached headers. Before moving forward with it I have a couple of questions to understand the nature of this setup:

  • What is the reason for using detached headers for the root partition?
  • Where is the detached header supposed to be stored? Is it going to be another partition (and thus 2 partitions are needed to unlock a volume)? Or is the header supposed to be packed into the initramfs itself? Or...

anatol avatar Feb 19 '21 03:02 anatol

No progress at this point yet unfortunately. I need to implement the logic that discovers and temporarily mounts devices (that might contain LUKS headers/passwords/keys/...). I plan to look at it before the 0.8 release.

Any information/documentation/examples will be helpful for sure. Please share your ideas about this topic!

anatol avatar Dec 01 '21 03:12 anatol

Umm, I can't figure out if this feature was added or not. It doesn't look like it was, considering the man page hasn't documented it. Can you confirm if I can use booster to unlock LUKS partitions with detached headers?

ayushnix avatar Aug 16 '23 11:08 ayushnix

The issue is not complete. It looks like the original author account got removed and it automatically closed his tickets.

anatol avatar Aug 16 '23 15:08 anatol

Thank you for the request. My understanding is that it is a way to handle LUKS partitions with detached headers. Before moving forward with it I have a couple of questions to understand the nature of this setup:

* What is the reason for using detached headers for the root partition?

* Where is the detached header supposed to be stored? Is it going to be another partition (and thus 2 partitions are needed to unlock a volume)? Or is the header supposed to be packed into the initramfs itself? Or...

@anatol For example, in my scenario the header and key are stored on an external device (flash drive with grub2+keyfiles+header). It isn't encrypted. The main SSD device contains luks2+lvm+kernels+root. My current options for the genkernel:

ro dolvm root_trim=yes scandelay
root=UUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
crypt_root=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
root_key=/keyfiles/gentoo.key
root_keydev=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
root_header=/keyfiles/gentoo.hdr
root_headerdev=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

I would like to test this scenario on the "booster" when all options are implemented.

reagentoo avatar Jan 26 '24 09:01 reagentoo
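
The genkernel parameters in the comment above, translated into the manual unlock steps they imply. This is an added example, not code from booster, genkernel or any participant in the thread. It assumes `root_key` and `root_header` are paths inside the filesystems on `root_keydev` and `root_headerdev`; the function names, the mount points `/run/hdr` and `/run/key`, the mapping name `root` and the PARTUUID values are hypothetical or constructed.

```shell
#!/bin/sh
# Added example: prints the manual unlock steps; it never runs cryptsetup.

# Print the value of parameter "$1" from kernel command line string "$2".
cmdline_get() (
    set -f                              # no globbing while word-splitting
    for tok in $2; do
        case "$tok" in
            "$1"=*) printf '%s\n' "${tok#*=}"; exit 0 ;;
        esac
    done
    exit 1                              # parameter not present
)

# Map UUID=/PARTUUID= specs to udev symlinks; pass plain paths through.
spec_to_dev() {
    case "$1" in
        PARTUUID=*) printf '/dev/disk/by-partuuid/%s\n' "${1#PARTUUID=}" ;;
        UUID=*)     printf '/dev/disk/by-uuid/%s\n' "${1#UUID=}" ;;
        *)          printf '%s\n' "$1" ;;
    esac
}

# Print the unlock plan for command line "$1"; status 1 if a parameter is missing.
unlock_plan() {
    data=$(cmdline_get crypt_root "$1")       || return 1
    hdr=$(cmdline_get root_header "$1")       || return 1
    hdrdev=$(cmdline_get root_headerdev "$1") || return 1
    key=$(cmdline_get root_key "$1")          || return 1
    keydev=$(cmdline_get root_keydev "$1")    || return 1
    echo "mount -o ro $(spec_to_dev "$hdrdev") /run/hdr"
    keymnt=/run/hdr                     # assumed mount point
    if [ "$keydev" != "$hdrdev" ]; then # key lives on a second device
        keymnt=/run/key
        echo "mount -o ro $(spec_to_dev "$keydev") $keymnt"
    fi
    echo "cryptsetup open --header /run/hdr$hdr --key-file $keymnt$key $(spec_to_dev "$data") root"
    [ "$keymnt" = /run/hdr ] || echo "umount $keymnt"
    echo "umount /run/hdr"
}

# Constructed sample: the thread's parameters with made-up PARTUUIDs.
SSD=PARTUUID=11111111-1111-4111-8111-111111111111   # LUKS data partition
USB=PARTUUID=22222222-2222-4222-8222-222222222222   # flash drive with key + header
SAMPLE="ro dolvm root_trim=yes scandelay crypt_root=$SSD root_key=/keyfiles/gentoo.key root_keydev=$USB root_header=/keyfiles/gentoo.hdr root_headerdev=$USB"
unlock_plan "$SAMPLE"
```

The header and key device are mounted read-only and unmounted once the mapping is open, so the flash drive can be removed after boot.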