Re: Feitian PKI donation to dm-crypt projetc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Le vendredi 05 novembre 2010 Ã 17:29 +0100, Ma Begaj a Ãcrit :
> A script on a encrypted root partition could compare (upon decryption)
> md5
> checksum of initramfs with the saved md5 checksum (with md5sum) and
> show
> alert message if sums do not match. 

When using smartcards, secrets are not displayed. So why should we need
to crypt the initramfs at first stage? We only need to boot in first
stage, non-encrypted, and then request secrets from PKCS#11 and uncrypt
the complete system. 

What do you think?
-- 
                  Jean-Michel Pourà - Gooze - http://www.gooze.eu

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux