On 08/23/2011 03:05 PM, Arno Wagner wrote: > > Quite frankly, I doubt this increses security significantly. >> For example passing the password in a safe way from grub to the kernel IMHO without full implementation of "trusted boot" this will just add some small amount of work for attacker without real security increase. And with "trusted boot" (whatever it means) grub loader integrity should be verified before you enter passphrase. In fact, it is just few instruction to add to grub module to store entered passphrase somewhere on disk, CMOS, flash, whatever is available for later use by attacker. (Just another variation to "Evil maid" attack.) Anyway, LUKS implementation in GRUB2 is completely independent from upstream, so you can ask on grub devel list - they did not tried to contact upstream if there is possibility to share some code, so it contains full LUKS reimplementation (but it is good for other reasons, though). For kernel dm-crypt - I really do not want here things like "encrypted passphrase" or similar concepts. (Until some certification process forces me:-) But I would like to add here concept of "passphrase handle" IOW userspace will just hand over handle (id) to some other subsystem where the key is stored (Could be kernel keyring, some token, whatever). Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
