the keys are in kernelspace IIRC and thus updated / passed on initrd /initramfs updates and kernel updates
Corey W Sheldon Freelance IT Consultant, Multi-Discipline Tutor 310.909.7672 www.facebook.com/1stclassmobileshine On Sat, Sep 13, 2014 at 7:01 PM, Ian Pilcher <arequip...@gmail.com> wrote: > On 09/13/2014 03:59 AM, Fred New wrote: > > One step up from this would be something like a kpatch process in rpm > > combined with packaged metadata that replaces in-memory modules so that > > reboots wouldn't be necessary. Yeh, probably impossible. > > This has almost certainly already been considered by people smarter than > me, but it occurs to me that there's no reason that kexec couldn't some- > how pass LUKS/dm-crypt keys to the new kernel. > > -- > ======================================================================== > Ian Pilcher arequip...@gmail.com > -------- "I grew up before Mark Zuckerberg invented friendship" -------- > ======================================================================== > > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct >
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct