hey folks, I've working on partmancrypto today and I'd like to publish here things I've thought about, so I can get opinions and see how I advance from here.
I'm planning to work on dm-crypt and LUKS support on partman, which it lacks of in the actual work and which is the encryption method in Linux that I'm more familiar with. Debian support nowdays dm-crypt (the cryptsetup package) is quite fine, it also has a very good documentation on how encrypt the root filesystem, but there has been no work on cryptsetup-luks (which is the original cryptsetup with some other enhancements -- like compatibility and standardization, which is important for what we want to do. I'm getting started on supporting this on Debian and optimizing it for debian-installer. ideas and annotations about dm-crypt: 1. init.d/crypto_modules: IIRC, we need dm-mod and dm-crypt modules, both can be compiled in the kernel (CONFIG_BLK_DEV_DM and CONFIG_DM_CRYPT), should we use a kernel that has those modules or compile them into the kernel? (who manages the kernel in the d-i and should be noticed about the modules we need to add for the installation?) 2. choose_method/crypto: IMHO we should try to decide on a standard for this, but yet giving the user the option to choose. I think that cryptsetup-luks is a good option for this because one of its main goals is standardization (and really, not because I'm working on implementing it :-). I'm *really* interested on reading your opinion about this point, specially Max's opinion. I think that that's it for now, I'm going to be offline on the next two weeks, but I'll try to work on this offline. I'll write about updates when I'll come back online. thanks for your attention, shay