tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: cgd (encrypted disk) support in bootblocks (Was: summer of code - scrub feature)

On Mon, Mar 23, 2009 at 09:10:40PM +0100, Jan Danielsson wrote:
>    I've been looking into if it's possible to hard code the cgd  
> parameters in a kernel configuration, and tell the kernel to mount root  
> on a cgd-device. The goal is to be able to have the cgd parameters  
> physically separated from the rest of the system (apart from the  
> parameters in ram). Unfortunately, work has been keeping me too busy to  
> put any real effort into it. I might just as well ask here; would it be  
> possible to boot a kernel, which is hardcoded to use cgd0 as a root, off  
> a USB memory key? Obviously the kernel will need to configure the cgd0  
> device prior to mounting root, which may be a source of difficulties.

Yes.  I hadn't considered the possibility of compiling the cgd parameters
into the kernel.  In that case, it's very easy.

You have to provide a way to compile the cgd parameters into the kernel,
and write a mountroothook which sets up the cgd.  Then it ought to just

The cgd parameters could probably even be passed by the boot loader
as kernel arguments.  Then this could even work with a generic kernel,
and be set up at install time.


Home | Main Index | Thread Index | Old Index