On 01/06/2015 11:03 μμ, Ivan Mincik wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear LTSP developers,
> I am wondering if it is possible to setup encrypted NBD root device
> which I want to use in some other Open Source project. I have just
> found, that LTSP is using encrypted NBD, but only for swap device. Is
> there any technical reason, that it is not possible to do so for root
> device ?
>
If the server is to encrypt something, and only specific (=LTSP) clients
to be able to decrypt it, then they need some special information from
the server, e.g. the server's private encryption key or something.
How are you planning to deploy that to netbooted clients?
They need local storage for that... alternatively, the root file system
encryption can be based on the client's hardware specific information,
that is transferred securely to the server and used as a seed to the
server's private encryption key (multi-key encryption).
For the swap partition it's not the same, it's the client itself that
formats + encrypts the swap partition, not the server.
------------------------------------------------------------------------------
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
