[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Installer Buster Alpha 3 release

Hi Sebastian,

Sebastian Krause <sebastian@realpath.org> (2018-06-19):
> Cyril Brulebois <kibi@debian.org> wrote:
> >  * cryptsetup:
> >     - Upgrade to upstream version 2.0.0.
> Since this version of cryptsetup adds support for dm-integrity
> (https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity), are
> there any plans to eventually support it in the installer so that I
> can have a root partition with checksums on all data and metadata?

To be honest, I did include this particular version bump to see if that
was sparking any reaction/interest. I happened to notice Matthew Garrett
has been working on some merge requests[1,2] to fix some issues popping
up in d-i specifically.

 1. https://salsa.debian.org/cryptsetup-team/cryptsetup/merge_requests/2
 2. https://salsa.debian.org/debian/argon2/merge_requests/3

I guess you could start by documenting what such a plan should look
like, in a bug report against partman-crypto (which should be a good
starting point I suppose)?

> However, unfortunately for now bug #896649 would be a blocker anyway
> since the kernel option CONFIG_DM_INTEGRITY is not yet enabled in the
> standard Debian kernel.

Such a blocker shouldn't last long, enabling an option is usually done
rather quickly if there's no obvious issue/conflict with it. Drafting a
sound plan, then implementing it would be the hard part.

Cyril Brulebois (kibi@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

Attachment: signature.asc
Description: PGP signature

Reply to: