=== JanC is now known as Guest58168 | ||
=== JanC_ is now known as JanC | ||
_Xenial_Xerus_ | Is there any way to get them to modify the kernel code for LUKS. | 21:28 |
---|---|---|
_Xenial_Xerus_ | I can make some sort of lustration about why the keys need to be on a seperate partition. | 21:28 |
_Xenial_Xerus_ | Picture of a man pulling out the SDCARD. | 21:28 |
_Xenial_Xerus_ | Walking past police beating checkpoints. | 21:29 |
_Xenial_Xerus_ | Reaching the F.D.L. (food distribution location) and then returning to the computer without 8 necrosan neighbors data dumping the entire system during a home invasion. | 21:29 |
=== JanC_ is now known as JanC | ||
_Xenial_Xerus_ | JanC call up infinity | 21:37 |
JanC | ? | 21:44 |
JanC | I think you need to read documentation | 21:45 |
_Xenial_Xerus_ | Oh, you make a funny? | 21:46 |
JanC | how to do what you ask for is explained in the cryptsetup manual (see e.g. the --header option) | 21:52 |
_Xenial_Xerus_ | JanC manually from a running kernel? | 21:53 |
_Xenial_Xerus_ | backup and restore header | 21:53 |
_Xenial_Xerus_ | This requires a second system. | 21:53 |
_Xenial_Xerus_ | Too much. | 21:53 |
JanC | LUKS can have the key(s) on a separate device; you can suspend/resume a LUKS-encrypted device (suspend here means that the kernel erases the encryption key from memory); if you want you can automate the suspend/resume with udev or the like | 22:03 |
_Xenial_Xerus_ | JanC LUKS now allows for the header to be stored on /boot? | 22:42 |
_Xenial_Xerus_ | Can this be done from the ubuntu installer? | 22:42 |
_Xenial_Xerus_ | Last I looked into it the only way to remove the keys is to do a backup/restore manually from command line. | 22:42 |
JanC | I think it always did, but maybe not from the installer | 22:42 |
_Xenial_Xerus_ | The LUKS code stores the keys in the header and the header at the start of the encrypted part. | 22:43 |
JanC | AFAIK the kernel doesn't really care where the header/keys are; storing it there is just the default/usual way to do it with cryptsetup & most linux installers | 22:45 |
JanC | (and you can always use bare dm-crypt also) | 22:46 |
_Xenial_Xerus_ | LUKS is designed so. | 22:58 |
_Xenial_Xerus_ | The keys are stored in the header, the header the beginning of the crypt part. | 22:59 |
_Xenial_Xerus_ | What do you mean bare dm-crypt, no LVM? | 23:01 |
_Xenial_Xerus_ | JanC? | 23:02 |
JanC | meaning dm-crypt without LUKS | 23:02 |
_Xenial_Xerus_ | LUKS uses dm-crypt doesn't it? | 23:03 |
_Xenial_Xerus_ | It wraps the partition in an encrypted LVM. | 23:03 |
_Xenial_Xerus_ | Here we go turning support into an argument. | 23:04 |
_Xenial_Xerus_ | What is the command for pulling the current source? | 23:05 |
_Xenial_Xerus_ | sudo apt-get source linux? | 23:05 |
_Xenial_Xerus_ | or is it, sudo apt-get --download-source linux? | 23:05 |
_Xenial_Xerus_ | Or is it trapped with dependency injections? | 23:07 |
_Xenial_Xerus_ | JanC leaving the kernal as it is for now then, do you want to work on moving the /boot to an ISO with isolinux | 23:16 |
JanC | see: https://skrilnetz.net/bullet-proof-data-encryption-with-luks-and-a-detached-header/ | 23:22 |
_Xenial_Xerus_ | Did you writup my specs and predate it? | 23:40 |
xnox | _Xenial_Xerus_, please use some other irc nickname, this one is tasteless | 23:41 |
_Xenial_Xerus_ | xnox: what is tasteful? | 23:42 |
_Xenial_Xerus_ | better? | 23:45 |
=== _Xenial_Xerus_ is now known as ubuntu | ||
ubuntu | better? | 23:45 |
=== ubuntu is now known as Guest17872 | ||
xnox | now, yes =) | 23:46 |
=== Guest17872 is now known as Xenial | ||
=== Xenial is now known as Guest89430 | ||
=== Guest89430 is now known as _Xenial |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!