Nikolaus Rath <[EMAIL PROTECTED]> writes: > Reinhard Tartler <[EMAIL PROTECTED]> writes: >> Okay, now things become clearer. >> >> As explained before, you cannot expect to use a keyfile for the root >> file system, > [...] > > But that is not what I want to do. I want to use a keyfile for the > *swap* filesystem.
Yes, I understand that. >> Where should the key for unencrypting the device come from? > > Well, from the root file system I'd expect. >From the 'unencrypted' root filesystem, to be more correct. > I'm afraid I still don't see why the warning is appropriate. I'd be > glad if you could try to explain again why the swap filesystem cannot > be decrypted using the key from the root filesystem (this can't be > more difficult than using removable media, can it?). It is not more difficult, but pointless. The key would need to be unencrypted on the physical hard drive, so an attacker would be able to directly grab and use it. If you really want to do that anyway, it should be possible to use the passdev script that is intended to be used with removable drives with your root filesystem by entering the UUID of the root filesystem. I didn't try this myself (because I still think this is rather pointless security wise), but it should work. -- Gruesse/greetings, Reinhard Tartler, KeyID 945348A4 -- keyfile doesn't work in initramfs https://bugs.launchpad.net/bugs/238163 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
