Feature #1758
Base: encrypted root lvm partition
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-base | |||
Target version: | v6.4-beta1 | |||
Resolution: | NEEDINFO: |
Description
Support encrypted root lvm partition.
The encryption is tested and works perfectly. We need to create some tools to backup the encryption keys.
Working kickstart: http://dev.nethserver.org/projects/nethserver/repository/nethserver-devbox/changes/root/usr/share/nethesis/nethserver-devbox/iso/ks/ks-crypted.cfg?rev=master
LUKS (cryptsetup): https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
Associated revisions
ks-local.cfg: add support for encrypted filesystem. Refs #1758
History
#1 Updated by Giacomo Sanchietti over 8 years ago
Resetting passphrases for mapped LUKS volumes: http://www.debian-administration.org/users/dkg/weblog/71
#2 Updated by Giacomo Sanchietti over 8 years ago
Automatic backup should not be necessary.
If needed, here is a sample script for executing the backup of an encrypted root partition:
/sbin/cryptsetup isLuks /dev/VolGroup/lv_root if [ $? -eq 0 ]; then /sbin/cryptsetup luksHeaderBackup --header-backup-file backup-lv_root /dev/VolGroup/lv_root fi
#3 Updated by Giacomo Sanchietti over 8 years ago
- Status changed from NEW to ON_DEV
- % Done changed from 0 to 30
#4 Updated by Giacomo Sanchietti over 8 years ago
- Status changed from ON_DEV to ON_QA
- % Done changed from 30 to 80
#5 Updated by Giacomo Sanchietti over 8 years ago
- Status changed from ON_QA to MODIFIED
- % Done changed from 80 to 100
If fspassword
option is passed on command line, the root filesystem will be encrypted using given password.
#6 Updated by Davide Principi about 8 years ago
- Status changed from MODIFIED to CLOSED