
Re: encrypted root fs on a slug and crypto-modules



> On Tue, 11 Mar 2008 at 07:13:41 +0100, Admir Trakic <admir@trakic.com> wrote:
snip
> Anders,
> 
> Is there any way to incorporate this hint:
> http://www.debian-administration.org/articles/579 where usage of
> serial port would be avoided?
> 
> ;-)

After browsing the howto slightly my guess is that it would work.
Busybox is available (in fact it is already in the initrd image) for
the arm and so is dropbear. One concern is the available size on the
flash in the NSLU2. Dropbear is a bit above 500 kB installed, but not
all of it needs to be in the initrd image. I think it would fit.

Another concern is the available RAM. I don't know exactly how much
memory is required for the slug to boot and start the apps from
RAM. If the swap partition is also encrypted and needs to be unlocked
before being used, it may be a problem. If so, a random key for the
swap partition might help in that case, because then swap can be
initiated before actually entering a LUKS passphrase for the root
partition.

I will not personally try this at the moment because one of my design
goals is to _not_ run an ssh server and further require physical access
for entering the passphrase at boot (via a serial port), which I think
increases security and is suitable for my application.

Anders
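
The random-key swap arrangement mentioned in the message above, written out as Debian crypttab and fstab entries. This is an added example, not part of the original post; the device paths and the mapping names croot and cswap are assumed placeholders.

```conf
# /etc/crypttab
# <target>  <source device>  <key file>    <options>

# Root filesystem: LUKS volume, passphrase typed at boot
# ("none" means there is no key file).
croot       /dev/sda2        none          luks

# Swap: plain dm-crypt mapping keyed from /dev/urandom on every boot, so no
# passphrase is involved and the key is never stored anywhere.
# The "swap" option runs mkswap on the fresh mapping each time, which
# overwrites whatever is on the source device. Point it only at the swap
# partition, preferably through a stable /dev/disk/by-id/ path, so that a
# renumbered disk cannot cause a data partition to be wiped.
cswap       /dev/sda3        /dev/urandom  swap,cipher=aes-cbc-essiv:sha256,size=256

# /etc/fstab
# Swap is used through the mapping, never through the raw partition.
/dev/mapper/cswap  none  swap  sw  0  0
```

Because the swap key is discarded at power-off, nothing written to swap is readable after a reboot, which also means suspend-to-disk cannot resume from this partition.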

