Shipping/Cloning encrypted disks

Hello,

I was thinking about a project which basically involves Linux images with full disk encryption. The images should be shipped to or downloaded by multiple users. Since the end users are likely Linux novices, the setup should be as easy as possible.
At the moment I see two options.

1.: Filesystem image with non-encrypted boot and encrypted main filesystem.
     The image should be dd'ed to an HDD or USB drive and resized to fill the whole drive. Then the master key will be changed with cryptsetup-reencrypt.

2.: Like 1, but the filesystem also has a non-encrypted main filesystem.
     Encryption will be done either as described here: https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encrypt_an_unencrypted_filesystem or with this tool: https://johannes-bauer.com/linux/luksipc

Currently I am strongly in favor of option 1 since it forces the end user to use full disk encryption. With option 2 it could just be skipped. Also the required effort seems to be the same for both options.
Is there anything else to consider for option 1? Is changing the master key enough? Best practices/build options for the encrypted filesystem?
Maybe an option 3 ... ?

Vasili

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
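
An added example, not part of the original post: a way for the image's distributor to check whether a device cloned under option 1 still uses the shipped master key, by recomputing the LUKS1 master-key digest from the device's header. It assumes the LUKS1 on-disk header layout (LUKS2 differs) and that the distributor holds the shipped image's master key; the function names and sample headers are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

# LUKS1 header fields up to the UUID (big-endian); key slots start at offset 208.
PHDR = struct.Struct(">6sH32s32s32sII20s32sI40s")
MAGIC = b"LUKS\xba\xbe"


def parse_luks1(buf):
    """Return the master-key digest fields of a LUKS1 header."""
    if len(buf) < PHDR.size:
        raise ValueError("short header")
    (magic, version, _cipher, _mode, hash_spec, _offset, key_bytes,
     digest, salt, iters, uuid) = PHDR.unpack_from(buf)
    if magic != MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    return {
        "hash": hash_spec.rstrip(b"\0").decode("ascii"),
        "key_bytes": key_bytes,
        "digest": digest, "salt": salt, "iters": iters,
        "uuid": uuid.rstrip(b"\0").decode("ascii"),
    }


def uses_master_key(hdr, master_key):
    """True if hdr's mk-digest equals 20 bytes of PBKDF2(master_key, salt, iters)."""
    if len(master_key) != hdr["key_bytes"]:
        return False
    calc = hashlib.pbkdf2_hmac(hdr["hash"], master_key, hdr["salt"], hdr["iters"], 20)
    return hmac.compare_digest(calc, hdr["digest"])


def build_sample_header(master_key, uuid):
    """Constructed test data only: a minimal LUKS1 header for master_key."""
    salt, iters = os.urandom(32), 1000
    digest = hashlib.pbkdf2_hmac("sha1", master_key, salt, iters, 20)
    return PHDR.pack(MAGIC, 1, b"aes", b"xts-plain64", b"sha1", 4096,
                     len(master_key), digest, salt, iters, uuid.encode())


if __name__ == "__main__":
    shipped_mk = os.urandom(64)  # constructed; stands in for the image's key
    uuid = "11111111-1111-1111-1111-111111111111"  # constructed UUID
    clone = build_sample_header(shipped_mk, uuid)      # dd'ed, not re-encrypted
    fresh = build_sample_header(os.urandom(64), uuid)  # new master key
    print(uses_master_key(parse_luks1(clone), shipped_mk))
    print(uses_master_key(parse_luks1(fresh), shipped_mk))
```

On a real device the input to `parse_luks1` would be the first 208 bytes read from the LUKS partition.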
