Sorry for the cross-post! However, I figured it was the best way to reach all the right people.
I'm the author of the Tang[1] project. In a nutshell, Tang provides a way to bind an encrypted disk to a network. We currently provide automated unlocking of the root volume (via initramfs/systemd). However, one of our use cases is securing removable devices so that they can only be unlocked when the host computer is on a secure network.

I have looked a bit at the code for GVFS and udisks, but it wasn't immediately obvious to me the best way to proceed in adding support for this. So I'm here looking for suggestions.

More or less, in order to automatically recover a disk's key we need read access to the LUKS header and network access to perform the Tang exchange. It would be my strong preference not to expose the metadata in the LUKS header to unprivileged users.

I attempted to test this by provisioning a USB key using Tang. Upon insertion, GNOME (properly) prompts for the password. If I attempt to unlock the disk in the background during this operation, the password prompt is properly removed. However, the disk does not appear as a standard removable disk any more in Nautilus.

Thoughts? Suggestions?

[1] https://github.com/latchset/tang