I'd like to extend the installer's cryptsetup script to allow for:

1. Execution of a pre-cryptsetup script, if it exists, placed conveniently in 
the root of the installation medium.
2. User specification of parameters.

The official installers do not allow this. While we can work around this 
manually, that is a laborious chore for every install of every release.

Where is the installer's cryptsetup script located?

We need this because:

1. Fresh systems lack sufficient, trustworthy entropy - virtual machines even 
more so.
2. There are valid reasons for cipher changes from default (or just a 
reassuring re-specification). Setting aside some of the pointless changes and 
baseless paranoia we see on the forums, there is one major reason to do this: 
AES-128 is faster (with and without AES-NI) and sufficient to keep the data 
private, but certain people are contractually bound to use AES-256 FDE on all 
systems used in furtherance of certain contracts. Some of them are bound to 
FIPS compliance, others to a list of bullet points lifted from the spec.
3. Custom specification of the identity and the hardness parameters of the KDF 
is useful. The installer tries to strike a balance, but this balance is not 
appropriate in all situations.
4. Better support of the currently laborious task of setting up two-factor key 
derivation from a password and key file.
5. As a matter of principle, critical security settings should not be hidden 
and hard to modify. That doesn't mean that the default installer should make it 
easy for unknowledgeable people to break things, or that we must spend time 
letting every parameter be tweaked, but it does require at least some 
documented exposure intended for modification.

The pre-cryptsetup script allows the user to solve the problems associated with 
entropy and two-factor keying but without having to modify the installation 
tree for each image. A post-cryptsetup script along the same lines would also 
be useful.

Parameter specification is fairly straightforward. We need a script which sets 
a few variables and optionally allows the substitution of a custom command.

How might I get started on this?
                                          
-- 
ubuntu-devel mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
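
One way the parameter script described in the message above could look, as an added example that is neither the installer's code nor the poster's. The CRYPT_* variable names, the function name and the defaults are assumptions; the function only prints the cryptsetup command it would run, after validating the values.

```shell
#!/bin/sh
# Added example. CRYPT_* names and build_luksformat_cmd are hypothetical;
# the cryptsetup options (--cipher, --key-size, --hash, --iter-time,
# --key-file) are real luksFormat options. Defaults are this example's own.

# Print the command that would be run for device $1. Nothing is executed.
build_luksformat_cmd() {
    dev=$1
    [ -n "$dev" ] || { echo "error: no device given" >&2; return 2; }

    # A site-supplied replacement command takes precedence.
    if [ -n "${CRYPT_CUSTOM_CMD:-}" ]; then
        printf '%s %s\n' "$CRYPT_CUSTOM_CMD" "$dev"
        return 0
    fi

    cipher=${CRYPT_CIPHER:-aes-xts-plain64}
    keysize=${CRYPT_KEY_SIZE:-256}
    hash=${CRYPT_HASH:-sha256}
    itertime=${CRYPT_ITER_TIME:-}

    # Numeric fields must be digits only; names only a conservative charset.
    case $keysize in ''|*[!0-9]*)
        echo "error: key size must be numeric" >&2; return 2 ;;
    esac
    case $itertime in *[!0-9]*)
        echo "error: iteration time must be numeric (ms)" >&2; return 2 ;;
    esac
    case $cipher$hash in *[!A-Za-z0-9:_-]*)
        echo "error: unexpected character in cipher or hash" >&2; return 2 ;;
    esac

    # XTS splits the key in two halves: 256 bits selects AES-128 and
    # 512 bits selects AES-256. This example accepts only those two.
    case $cipher in aes-xts-*)
        case $keysize in
            256|512) ;;
            *) echo "error: aes-xts needs a 256 or 512 bit key" >&2; return 2 ;;
        esac ;;
    esac

    cmd="cryptsetup luksFormat --cipher $cipher --key-size $keysize --hash $hash"
    if [ -n "$itertime" ]; then cmd="$cmd --iter-time $itertime"; fi
    if [ -n "${CRYPT_KEY_FILE:-}" ]; then cmd="$cmd --key-file $CRYPT_KEY_FILE"; fi
    printf '%s %s\n' "$cmd" "$dev"
}
```

For the contractual AES-256 case mentioned in the message, the value to set with the XTS cipher is CRYPT_KEY_SIZE=512, not 256.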
