URL: <https://savannah.gnu.org/bugs/?57678>
Summary: Add a possibility to transfer passphrase to OS when unlocking encrypted container
Project: GNU GRUB
Submitted by: kadilov
Submitted on: Mon 27 Jan 2020 14:12:27
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Feature Request
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release:
Release: 2.02
Reproducibility: None
Planned Release: None

_______________________________________________________

Details:

Currently, using GRUB with the GRUB_ENABLE_CRYPTODISK option for unlocking an encrypted device may lead to a scenario where the user needs to enter the passphrase twice, once for GRUB and once for the OS booting software. If LUKS is used, a common workaround that improves user experience involves generating a LUKS key that is permanently stored inside the encrypted container. Having a way to securely transfer the passphrase to the OS would make a more streamlined configuration possible.

Workarounds described in community documentation of Linux distributions:
https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#With_a_keyfile_embedded_in_the_initramfs
https://en.opensuse.org/SDB:Encrypted_root_file_system

This suggestion was originally posted by Andreas Stieger on the openSUSE bug tracker:
https://bugzilla.suse.com/show_bug.cgi?id=1137056#c1

_______________________________________________________

Reply to this item at:

<https://savannah.gnu.org/bugs/?57678>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/