Martin Pitt <mp...@debian.org> (2015-04-16):
> Hello Cyril,
> 
> Cyril Brulebois [2015-04-16 19:40 +0200]:
> > Anyway, asking for home encryption indeed leads to swap encryption,
> > through an ecryptfs-setup-swap call, which in turn triggers:
> > |        echo "cryptswap$i UUID=$uuid /dev/urandom swap,offset=1024,cipher=aes-xts-plain64" >> /etc/crypttab
> > `---[ src/utils/ecryptfs-setup-swap ]---
> > 
> > The same file in the Debian package has no offset, so I guess that means
> > Debian is rather safe.
> 
> Well, it actually means that it's even more broken :-( If you don't
> specify an offset at all, then you can only boot this system once.
> Then your partition will be overwritten with random data entirely, and
> the next time you won't have any matching UUID any more, and you again
> get a hanging boot (this affects sysvinit and upstart too). I.e. you
> will have exactly the same effect.
> 
> So to properly fix this, we need:
> 
>  (1) the fix to add the offset=:
>      https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/840
> 
>      (Updating the used cipher would also be a good idea, but not
>      essential)
> 
>      This fix alone is sufficient under sysvinit and upstart.
> 
>  (2) this systemd fix to actually respect offset= when booting under
>      systemd.

Huh? Last I checked, guided encrypted LVM just works…

Mraw,
KiBi.

_______________________________________________
Pkg-systemd-maintainers mailing list
Pkg-systemd-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
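
Added example, not part of the original thread or of the ecryptfs or systemd code: a shell check for the failure mode Martin Pitt describes above, listing crypttab swap entries that are keyed from a random device, located by UUID=, and carry no non-zero offset=. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): flag crypttab swap entries that get a
# fresh random key each boot, are looked up by UUID=, and keep no offset.

# Constructed sample entries; the UUIDs are made up.
sample_crypttab() {
    cat <<'EOF'
# <name>   <device>                                  <key>        <options>
cryptswap1 UUID=11111111-2222-3333-4444-555555555555 /dev/urandom swap,cipher=aes-xts-plain64
cryptswap2 UUID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee /dev/urandom swap,offset=1024,cipher=aes-xts-plain64
cryptswap3 /dev/sda5                                 /dev/urandom swap,cipher=aes-xts-plain64
sda2_crypt UUID=99999999-8888-7777-6666-555555555555 none         luks
EOF
}

# Reads crypttab text from the named file(s), or stdin when none is given,
# and prints the name of every entry at risk.
check_crypttab() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }   # comments, blanks, entries without options
        {
            random_key = ($3 == "/dev/urandom" || $3 == "/dev/random")
            is_swap = 0; has_offset = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                if (opt[i] == "swap") is_swap = 1
                if (opt[i] ~ /^offset=/) {
                    v = opt[i]; sub(/^offset=/, "", v)
                    if (v + 0 > 0) has_offset = 1   # offset=0 protects nothing
                }
            }
            # Encrypted data written from sector 0 overwrites the on-disk
            # UUID, so the UUID= lookup fails on the following boot.
            if (random_key && is_swap && $2 ~ /^UUID=/ && !has_offset) print $1
        }
    ' "$@"
}

sample_crypttab | check_crypttab   # prints: cryptswap1
```

Run it against a real system with `check_crypttab /etc/crypttab`; an empty result means no entry matches the pattern.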
