[CAL-256] Implement LUKS+dm-crypt support for partitioning and mounting
Created: 30/Jul/15 Updated: 25/Aug/15
Status: Open
Project: Calamares
Component/s: Partitioning, User interface
Affects Version/s: 1.1.3
Fix Version/s: 1.2
Type: Task
Priority: Major
Reporter: Teo Mrnjavac
Assignee: Teo Mrnjavac
Resolution: Unresolved
Votes: 0
Labels: None
Issue Links:
Duplicate: is duplicated by CAL-260 Full disk encryption, Keyfiles, and o...
Relates: relates to CAL-254 Segfault at scanDevice() in partitioner
Epic Link: Partitioning with KPMcore
Description
In Calamares 1.1-stable LUKS is disabled. No reasonable way to enable and make work
because of the decrypt dialog. It doesn't crash as of .
In KPMcore the decrypt dialog is yanked out. Check what else was broken during the
KPM/KPMcore split, implement LUKS mounting and partitioning.
Comments
Comment by Teo Mrnjavac [ 24/Aug/15 ]
Ryan Owens:

When LUKS/dm-crypt capabilities are added to Calamares will a user be able to encrypt every partition including /boot and swap?

I hope so.

Are there any plans for including Keyfiles for unlocking encrypted partitions?

You mean keyfile management through LUKS? I figure that most users simply want to add a passphrase. If you know what a keyfile is you're probably able to use cryptsetup directly.

Will crypttab files be supported?

Yes, I think crypttab is quite necessary for booting a system with LUKS volumes, isn't it?

Could this functionality be provided by branding modules?

I've designed branding to be quite orthogonal to partitioning operations so I'm gonna go with no. But if you can elaborate on the functionality you expect there might be other ways to provide it.

Comment by Ryan Owens [ 25/Aug/15 ]
I mention the keyfile because of full system encryption. If you encrypt the /boot as well as root then you have to enter the password for each partition. But if you unlock the root partition with a keyfile then you only have to enter the password for /boot. If you don't set up the crypttab with a keyfile in this setup the system will never ask for the root partition password.

https://wiki.archlinux.org/index.php/Dmcrypt/Encrypting_an_entire_system#Configuring_fstab_and_crypttab_2

I was wondering if default partition layouts can be set by the distribution branding. For example if I want the default partition scheme to be lvm for my distribution but another distribution wants it to be standard partitioning it may be useful for distribution branding to set a default scheme.

Comment by Teo Mrnjavac [ 25/Aug/15 ]
I see. Right now I'm working on making LUKS work at all in KPMcore, but I'll certainly keep in mind your use case. It might be a good idea to offer unlocking at boot with keyfile at least in automatic partitioning.

I was wondering if default partition layouts can be set by the distribution branding. For example if I want the default partition scheme to be lvm for my distribution but another distribution wants it to be standard partitioning it may be useful for distribution branding to set a default scheme.

Ok, now I understand. This is not a branding configuration item, in fact a Calamares branding component is only designed to provide strings, graphics and such kinds of customization. What you're asking for is achievable with a configuration option in the partitioning module's config file. The issue is moot since we don't support LVM at this point, but we can think of other partitioning layout control options.
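
The keyfile and crypttab discussion in the comments above, as an added example that is not part of the issue and is not Calamares code: a small parser that reads crypttab text and reports which volumes unlock from a keyfile, which use a random key (typical for swap), and which will prompt for a passphrase at boot. The sample entries, device identifiers and the keyfile path are constructed for illustration.

```python
"""Classify crypttab entries by how each volume is unlocked at boot."""

# Constructed sample, not taken from the issue: root unlocked by a keyfile,
# a data volume that prompts, swap with a random key, and a noauto volume.
SAMPLE_CRYPTTAB = """\
# <name>    <device>                  <key>                  <options>
cryptroot   UUID=0000-constructed-1   /crypto_keyfile.bin    luks
cryptdata   UUID=0000-constructed-2   none                   luks
cryptswap   /dev/sda3                 /dev/urandom           swap,cipher=aes-xts-plain64,size=256
cryptbak    UUID=0000-constructed-3   -                      luks,noauto
"""

PROMPT_KEYS = {"none", "-"}  # crypttab spellings for "ask for a passphrase"
RANDOM_KEYS = {"/dev/urandom", "/dev/random"}  # fresh key on every boot


def parse_crypttab(text):
    """Return one dict per entry; a missing key field is treated as 'none'."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: need at least <name> <device>")
        key = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        if key in PROMPT_KEYS:
            unlock = "passphrase"
        elif key in RANDOM_KEYS:
            unlock = "random"
        else:
            unlock = "keyfile"
        entries.append({"name": fields[0], "device": fields[1], "key": key,
                        "options": options, "unlock": unlock})
    return entries


def boot_prompts(entries):
    """Names of volumes that will ask for a passphrase during boot."""
    return [e["name"] for e in entries
            if e["unlock"] == "passphrase" and "noauto" not in e["options"]]


if __name__ == "__main__":
    parsed = parse_crypttab(SAMPLE_CRYPTTAB)
    for e in parsed:
        print(f'{e["name"]:<10} {e["unlock"]:<10} {e["key"]}')
    print("prompts at boot:", boot_prompts(parsed))
```

A keyfile entry is only as protected as the filesystem that stores the keyfile, so in the layout described in the comments the keyfile has to live on an encrypted volume that is itself unlocked by passphrase.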
Generated at Tue Feb 09 14:23:05 UTC 2016 using JIRA 7.0.0#70107sha1:6cd5e8da0433ba37cd68ac1f1a6078fc22964e15.