security risk? that doesn't make much sense... in normal installs both
/boot and the luks headers are lying there on the disks unencrypted. i
don't see how packing the luks headers into the initramfs (/boot) could
make that any worse?

i'm not a linux guru by any means, but AFAIU:

  - grub loads the kernel and the initramfs (from /boot, but not as a
    normal mount, but as some lower level infrastructure)

  - jumps to the kernel entry point address, passing it the initramfs
    as a memory address. at this point nothing is mounted.

  - boot scripts in initramfs start to get executed and reach the
    point of mounting rootfs. at this point /boot is probably not
    mounted yet, but i don't see any obvious obstacles why it couldn't
    be mounted before the rootfs, except that i have no clue about how
    linux mounts work. rootfs gets mounted as / after all, maybe that's
    a headache if there's stuff like /boot already mounted.

thanks for looking into this! plausible deniability is becoming more
and more important now that people go to jail even in the western
"free" democracies for as little as not giving out passwords...

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1223622

Title:
  add support for crypttab mounting of luks devices with detached
  headers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/1223622/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
