So I've been trying to figure out how to have remote systems with
encrypted partitions (including / ) be encrypted but be able to reboot
them remotely.

  Originally I had found the mandos project. However due to one of its
dependencies you can't have one server handle multiple clients of
different types. Plus modifying dracut so that the network works
properly was just a huge headache.

  That left me with a thought. What if I was able to give an argument
to a special 'reboot' command. This would place the password somewhere
(either in the initramfs, or elsewhere) and then dracut would read it
on boot and then remove it afterwards. So if the computer is shutdown
or normally rebooted you would have to input the encryption key.
However if I rebooted it remotely using this 'script/wrapper command'
it could reboot completely.

  So I'm wondering does this sound doable? Secure enough? Would you
expect that modifying the initramfs is plausible or should I be writing
to a file in /boot or something like that? Thoughts?

To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to