hi there, first of all congrats to your work.
i got an idea or to be more precise a feature request. and although i'm
not quite sure if it would be useful to others i want to propose it. and
just for the case noone finds it useful, i would appreciate it if you
could point me in the right direction where to start.
* i got a scenario where it would be very useful if i could open a luks
encrypted device just readonly for certain key slots.
let's say if someone gives the credentials for key slot 1 or 3 it's
opened AUTOMATICALLY as readonly, but if you use key slot 0 or 2 it's
opened just the way you want (normally rw, but in respect to the options
given).
* i thought of 2 ways accomplishing this:
- the first one is the quickndirty hack which just says "okay if
its key slot 0 do what the user wants todo, for all others ALWAYS set
options.flags |= CRYPT_FLAG_READONLY"
- the second one would be more fine. lets define add key creation
time the right (rw or just ro) this key has and according to that do
what you ought todo
* as to the first way, it seems quite clear to me that i just need to
modify the function __crypt_luks_open in lib/setup.c (around the call
LUKS_open_any_key) and according to the return value modify options
* for the second i'm not quite sure where to start
so please share your ideas with me (and excuse my english)
mfg,
martin strigl
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
