[21:28] <_Xenial_Xerus_> Is there any way to get  them to modify the kernel code for LUKS.
[21:28] <_Xenial_Xerus_> I can make some sort of lustration about why the keys need to be on a seperate partition.
[21:28] <_Xenial_Xerus_> Picture of a man pulling out the SDCARD.
[21:29] <_Xenial_Xerus_> Walking past police beating checkpoints.
[21:29] <_Xenial_Xerus_> Reaching the F.D.L. (food distribution location) and then returning to the computer without 8 necrosan neighbors data dumping the entire system during a home invasion.
[21:37] <_Xenial_Xerus_> JanC call up infinity
[21:44] <JanC> ?
[21:45] <JanC> I think you need to read documentation
[21:46] <_Xenial_Xerus_> Oh, you make a funny?
[21:52] <JanC> how to do what you ask for is explained in the cryptsetup manual (see e.g. the --header option)
[21:53] <_Xenial_Xerus_> JanC manually from a running kernel?
[21:53] <_Xenial_Xerus_> backup and restore header
[21:53] <_Xenial_Xerus_> This requires a second system.
[21:53] <_Xenial_Xerus_> Too much.
[22:03] <JanC> LUKS can have the key(s) on a separate device; you can suspend/resume a LUKS-encrypted device (suspend here means that the kernel erases the encryption key from memory); if you want you can automate the suspend/resume with udev or the like
[22:42] <_Xenial_Xerus_> JanC LUKS now allows for the header to be stored on /boot?
[22:42] <_Xenial_Xerus_> Can this be done from the ubuntu installer?
[22:42] <_Xenial_Xerus_> Last I looked into it the only way to remove the keys is to do a backup/restore manually from command line.
[22:42] <JanC> I think it always did, but maybe not from the installer
[22:43] <_Xenial_Xerus_> The LUKS code stores the keys in the header and the header at the start of the encrypted part.
[22:45] <JanC> AFAIK the kernel doesn't really care where the header/keys are; storing it there is just the default/usual way to do it with cryptsetup & most linux installers
[22:46] <JanC> (and you can always use bare dm-crypt also)
[22:58] <_Xenial_Xerus_> LUKS is designed so.
[22:59] <_Xenial_Xerus_> The keys are stored in the header, the header the beginning of the crypt part.
[23:01] <_Xenial_Xerus_> What do you mean bare dm-crypt, no LVM?
[23:02] <_Xenial_Xerus_> JanC?
[23:02] <JanC> meaning dm-crypt without LUKS
[23:03] <_Xenial_Xerus_> LUKS uses dm-crypt doesn't it?
[23:03] <_Xenial_Xerus_> It wraps the partition in an encrypted LVM.
[23:04] <_Xenial_Xerus_> Here we go turning support into an argument.
[23:05] <_Xenial_Xerus_> What is the command for pulling the current source?
[23:05] <_Xenial_Xerus_> sudo apt-get source linux?
[23:05] <_Xenial_Xerus_> or is it, sudo apt-get --download-source linux?
[23:07] <_Xenial_Xerus_> Or is it trapped with dependency injections?
[23:16] <_Xenial_Xerus_> JanC leaving the kernal as it is for now then, do you want to work on moving the /boot to an ISO with isolinux
[23:22] <JanC> see: https://skrilnetz.net/bullet-proof-data-encryption-with-luks-and-a-detached-header/
[23:40] <_Xenial_Xerus_> Did you writup my specs and predate it?
[23:41] <xnox> _Xenial_Xerus_, please use some other irc nickname, this one is tasteless
[23:42] <_Xenial_Xerus_> xnox: what is tasteful?
[23:45] <_Xenial_Xerus_> better?
[23:45] <ubuntu> better?
[23:46] <xnox> now, yes =)