Hi Sebastian, Sebastian Krause <sebastian@realpath.org> (2018-06-19): > Cyril Brulebois <kibi@debian.org> wrote: > > * cryptsetup: > > - Upgrade to upstream version 2.0.0. > > Since this version of cryptsetup adds support for dm-integrity > (https://gitlab.com/cryptsetup/cryptsetup/wikis/DMIntegrity), are > there any plans to eventually support it in the installer so that I > can have a root partition with checksums on all data and metadata? To be honest, I did include this particular version bump to see if that was sparking any reaction/interest. I happened to notice Matthew Garrett has been working on some merge requests[1,2] to fix some issues popping up in d-i specifically. 1. https://salsa.debian.org/cryptsetup-team/cryptsetup/merge_requests/2 2. https://salsa.debian.org/debian/argon2/merge_requests/3 I guess you could start by documenting what such a plan should look like, in a bug report against partman-crypto (which should be a good starting point I suppose)? > However, unfortunately for now bug #896649 would be a blocker anyway > since the kernel option CONFIG_DM_INTEGRITY is not yet enabled in the > standard Debian kernel. Such a blocker shouldn't last long, enabling an option is usually done rather quickly if there's no obvious issue/conflict with it. Drafting a sound plan, then implementing it would be the hard part. Cheers, -- Cyril Brulebois (kibi@debian.org) <https://debamax.com/> D-I release manager -- Release team member -- Freelance Consultant
Attachment:
signature.asc
Description: PGP signature