Feature #1758

Base: encrypted root lvm partition

Added by Giacomo Sanchietti over 6 years ago. Updated over 6 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-base
Target version:v6.4-beta1
Resolution: NEEDINFO:

Description

Support encrypted root lvm partition.

The encryption is tested and works perfectly. We need to create some tools to backup the encryption keys.

Working kickstart: http://dev.nethserver.org/projects/nethserver/repository/nethserver-devbox/changes/root/usr/share/nethesis/nethserver-devbox/iso/ks/ks-crypted.cfg?rev=master

LUKS (cryptsetup): https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions

Associated revisions

Revision d47ff1dd
Added by Giacomo Sanchietti over 6 years ago

ks-local.cfg: add support for encrypted filesystem. Refs #1758

History

#1 Updated by Giacomo Sanchietti over 6 years ago

Resetting passphrases for mapped LUKS volumes: http://www.debian-administration.org/users/dkg/weblog/71

#2 Updated by Giacomo Sanchietti over 6 years ago

Automatic backup should not be necessary.

If needed, here is a sample script for executing the backup of an encrypted root partition:

/sbin/cryptsetup isLuks /dev/VolGroup/lv_root
if [ $? -eq 0 ]; then
    /sbin/cryptsetup luksHeaderBackup --header-backup-file backup-lv_root /dev/VolGroup/lv_root
fi

#3 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from NEW to ON_DEV
  • % Done changed from 0 to 30

#4 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_DEV to ON_QA
  • % Done changed from 30 to 80

#5 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_QA to MODIFIED
  • % Done changed from 80 to 100

If fspassword option is passed on command line, the root filesystem will be encrypted using given password.

#6 Updated by Davide Principi over 6 years ago

  • Status changed from MODIFIED to CLOSED

Also available in: Atom PDF