Feature #1758
Base: encrypted root lvm partition
| Status: | CLOSED | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 100% | |
| Category: | nethserver-base | |||
| Target version: | v6.4-beta1 | |||
| Resolution: | NEEDINFO: |
Description
Support encrypted root lvm partition.
The encryption is tested and works perfectly. We need to create some tools to backup the encryption keys.
Working kickstart: http://dev.nethserver.org/projects/nethserver/repository/nethserver-devbox/changes/root/usr/share/nethesis/nethserver-devbox/iso/ks/ks-crypted.cfg?rev=master
LUKS (cryptsetup): https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions
Associated revisions
ks-local.cfg: add support for encrypted filesystem. Refs #1758
History
#1
Updated by Giacomo Sanchietti over 8 years ago
Resetting passphrases for mapped LUKS volumes: http://www.debian-administration.org/users/dkg/weblog/71
#2
Updated by Giacomo Sanchietti over 8 years ago
Automatic backup should not be necessary.
If needed, here is a sample script for executing the backup of an encrypted root partition:
/sbin/cryptsetup isLuks /dev/VolGroup/lv_root
if [ $? -eq 0 ]; then
/sbin/cryptsetup luksHeaderBackup --header-backup-file backup-lv_root /dev/VolGroup/lv_root
fi
#3
Updated by Giacomo Sanchietti over 8 years ago
- Status changed from NEW to ON_DEV
- % Done changed from 0 to 30
#4
Updated by Giacomo Sanchietti over 8 years ago
- Status changed from ON_DEV to ON_QA
- % Done changed from 30 to 80
#5
Updated by Giacomo Sanchietti over 8 years ago
- Status changed from ON_QA to MODIFIED
- % Done changed from 80 to 100
If fspassword option is passed on command line, the root filesystem will be encrypted using given password.
#6
Updated by Davide Principi about 8 years ago
- Status changed from MODIFIED to CLOSED