David Schneider

If we're applying it unconditionally for xiwi, it would be better just to generate the correct events in the first place: https://github.com/dnschneid/crouton/blob/master/host-ext/nacl_src/kiwi.cc#L624 (and 628). @drinkcat any reason we're generating the...

That would technically work, but it would also bypass many layers of protection in Chromium that prevents random downloaded files (including cached extensions and whatnot) from being executable. As for...

@smeggysmeg thanks! looks like you need to update the "how to update" steps as well.

Did this ever get fixed?

Thanks for working on this! I don't think there needs to be a new parameter, though. When you go to encrypt the chroot, and only if you specify the `-k`...

If you want to start fresh and throw away the work, `git reset --hard origin/master` followed by `git push origin encryption --force-with-lease` will safely update github.

That's kind of the point of moving the key around. You can manually back up your key somewhere else (and then point to it if need-be by passing -k to...

But yes, this was pretty much how I was expecting it to behave (kudos for the very clean way of handling the unwrapped keys).

Is hexdump still giving you a bad byte count, even with the `32/1` update? It seemed fixed to me.

Good point. I don't think you need to do line-by-line though. Something like: If first 16 characters of key is ....., it's unencrypted (don't check fnek to confirm). Then you...