Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-05-03 Thread Luca Boccassi
Control: tags -1 pending On Thu, 11 Jan 2024 19:55:18 + Luca Boccassi wrote: > On Thu, 11 Jan 2024 at 14:22, Holger Levsen wrote: > > > > On Thu, Jan 11, 2024 at 11:56:28AM +, Luca Boccassi wrote: > > [...] > > > How about if I changed the Description from: > > >  Self-encrypting disk

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-15 Thread Luca Boccassi
On Mon, 15 Jan 2024 at 12:28, Holger Levsen wrote: > > On Mon, Jan 15, 2024 at 10:46:14AM +, Luca Boccassi wrote: > > > huh, if there's a bug in the firmware to accidentally store the encryption > > > key on the drive in plaintext, it doesn't cost anything extra. > > Sure, and if there's a bug

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-15 Thread Holger Levsen
On Mon, Jan 15, 2024 at 10:46:14AM +, Luca Boccassi wrote: > > huh, if there's a bug in the firmware to accidentally store the encryption > > key on the drive in plaintext, it doesn't cost anything extra. > Sure, and if there's a bug in your CPU to accidentally reveal all > kernel secrets to any

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-15 Thread Luca Boccassi
On Mon, 15 Jan 2024 at 10:22, Holger Levsen wrote: > > On Sun, Jan 14, 2024 at 08:37:30PM +, Luca Boccassi wrote: > > Most definitely wrong. If your threat model is "hardware vendor will > > spend hundreds of millions of dollars to get at me" then your cpu > > vendor, memory controller

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-15 Thread Holger Levsen
On Sun, Jan 14, 2024 at 08:37:30PM +, Luca Boccassi wrote: > Most definitely wrong. If your threat model is "hardware vendor will > spend hundreds of millions of dollars to get at me" then your cpu > vendor, memory controller vendor, etc etc can do that too, so you > better not use this nor

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-14 Thread Luca Boccassi
On Sun, 14 Jan 2024 at 19:30, Pascal Hambourg wrote: > > On 11/01/2024 at 12:56, Luca Boccassi wrote: > > > > Yes it is a firmware feature, so it depends on the hardware, and in all > > drives I know of that will be the case, yes. From that point of view, > > to me it doesn't seem that far away

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-14 Thread Pascal Hambourg
On 11/01/2024 at 12:56, Luca Boccassi wrote: Yes it is a firmware feature, so it depends on the hardware, and in all drives I know of that will be the case, yes. From that point of view, to me it doesn't seem that far away from dm-crypt using the CPU's AES-NI to actually encrypt/decrypt data,

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-12 Thread Holger Levsen
On Thu, Jan 11, 2024 at 07:55:18PM +, Luca Boccassi wrote: > Thank you for the feedback, MR on Salsa is updated as described. <3 -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-11 Thread Luca Boccassi
On Thu, 11 Jan 2024 at 14:22, Holger Levsen wrote: > > On Thu, Jan 11, 2024 at 11:56:28AM +, Luca Boccassi wrote: > [...] > > How about if I changed the Description from: > > Self-encrypting disk (opal with LUKS2) > > to something like: > > Firmware-backed self-encrypting disk

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-11 Thread Holger Levsen
On Thu, Jan 11, 2024 at 11:56:28AM +, Luca Boccassi wrote: [...] > How about if I changed the Description from: > Self-encrypting disk (opal with LUKS2) > to something like: > Firmware-backed self-encrypting disk (vendor-implemented OPAL with > LUKS2) > Would that suffice? If not, do you

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-11 Thread Luca Boccassi
On Thu, 11 Jan 2024 08:46:53 + Holger Levsen wrote: > On Thu, Jan 11, 2024 at 01:47:59AM +, Luca Boccassi wrote: > > cryptsetup 2.7.0, currently in experimental, added support for self > > encrypting drives using the OPAL functionality as the encryption layer > > (managed by the kernel,

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-11 Thread Holger Levsen
On Thu, Jan 11, 2024 at 01:47:59AM +, Luca Boccassi wrote: > cryptsetup 2.7.0, currently in experimental, added support for self > encrypting drives using the OPAL functionality as the encryption layer > (managed by the kernel, not by the TCG utilities), both in standalone [...] > I have added

Bug#1060422: partman-crypto: add support for new cryptsetup options for opal/sed

2024-01-10 Thread Luca Boccassi
Source: partman-crypto Tags: patch Dear Maintainer(s), cryptsetup 2.7.0, currently in experimental, added support for self encrypting drives using the OPAL functionality as the encryption layer (managed by the kernel, not by the TCG utilities), both in standalone mode and with a nested dm-crypt