
Some thoughts and opinions about PartmanCrypto's future



hey folks, I've been working on partmancrypto today and I'd like to
publish here things I've thought about, so I can get opinions and see
how I advance from here.

I'm planning to work on dm-crypt and LUKS support in partman, which
the current work lacks and which is the encryption method in Linux
that I'm most familiar with.

Debian's support for dm-crypt nowadays (the cryptsetup package) is
quite fine; it also has very good documentation on how to encrypt the
root filesystem, but there has been no work on cryptsetup-luks (which
is the original cryptsetup with some other enhancements -- like
compatibility and standardization, which is important for what we want
to do). I'm getting started on supporting this in Debian and
optimizing it for debian-installer.

ideas and annotations about dm-crypt:

1. init.d/crypto_modules: IIRC, we need the dm-mod and dm-crypt
modules; both can be compiled into the kernel (CONFIG_BLK_DEV_DM and
CONFIG_DM_CRYPT). Should we use a kernel that has those modules or
compile them into the kernel? (Who manages the kernel in d-i and
should be notified about the modules we need to add for the
installation?)

2. choose_method/crypto: IMHO we should try to decide on a standard
for this, while still giving the user the option to choose. I think
that cryptsetup-luks is a good option for this because one of its main
goals is standardization (and really, not because I'm working on
implementing it :-). I'm *really* interested in reading your opinion
about this point, especially Max's opinion.

I think that that's it for now. I'm going to be offline for the next
two weeks, but I'll try to work on this offline. I'll write about
updates when I come back online.

thanks for your attention,
shay
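
Added example, not part of the original message or of partman-crypto's code: one way a crypto_modules step could tell, from a kernel config, whether dm-mod and dm-crypt are built in, must be loaded as modules, or are unavailable. The function names and the sample config texts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Option and module names are from the message above;
# the function names and sample config texts are constructed.

# Print "builtin", "module" or "missing" for option $1 in config text $2.
config_state() {
    line=$(printf '%s\n' "$2" | sed -n "/^$1=/p" | tail -n 1)
    case "$line" in
        "$1=y") echo builtin ;;
        "$1=m") echo module ;;
        *)      echo missing ;;   # absent or "# CONFIG_... is not set"
    esac
}

# Print the modules that have to be loaded for config text $1.
# Returns 1 when an option is missing, i.e. the kernel cannot do dm-crypt.
modules_to_load() {
    need=""
    rc=0
    for pair in CONFIG_BLK_DEV_DM:dm-mod CONFIG_DM_CRYPT:dm-crypt; do
        opt=${pair%%:*}
        mod=${pair#*:}
        case "$(config_state "$opt" "$1")" in
            module)  need="$need $mod" ;;
            missing) rc=1 ;;
        esac
    done
    echo "${need# }"
    return "$rc"
}

# Constructed sample configs.
CFG_MODULAR='CONFIG_BLK_DEV_DM=m
CONFIG_DM_CRYPT=m'
CFG_MIXED='CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=m'
CFG_NOCRYPT='CONFIG_BLK_DEV_DM=y
# CONFIG_DM_CRYPT is not set'

for cfg in "$CFG_MODULAR" "$CFG_MIXED" "$CFG_NOCRYPT"; do
    if mods=$(modules_to_load "$cfg"); then
        echo "load: ${mods:-nothing, all built in}"
    else
        echo "kernel lacks dm-crypt support"
    fi
done
```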


