URL:
<https://savannah.gnu.org/bugs/?57678>
Summary: Add a possibility to transfer passphrase to OS when
unlocking encrypted container
Project: GNU GRUB
Submitted by: kadilov
Submitted on: Mon 27 Jan 2020 14:12:27
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Feature Request
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release:
Release: 2.02
Reproducibility: None
Planned Release: None
_______________________________________________________
Details:
Currently, using GRUB with the GRUB_ENABLE_CRYPTODISK option to unlock an
encrypted device may lead to a scenario where the user needs to enter the
passphrase twice, once for GRUB and once for the OS booting software. If LUKS
is used, a common workaround that improves user experience involves generating
a LUKS key that is permanently stored inside the encrypted container.
Having a way to securely transfer the passphrase to the OS would make a more
streamlined configuration possible.
Workarounds described in community documentation of Linux distributions:
https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#With_a_keyfile_embedded_in_the_initramfs
https://en.opensuse.org/SDB:Encrypted_root_file_system
This suggestion was originally posted by Andreas Stieger on the openSUSE bug
tracker:
https://bugzilla.suse.com/show_bug.cgi?id=1137056#c1
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?57678>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/