Re: [cryptsetup PATCH] Make BitLocker support optional

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 29/10/2021 23:31, Phil Sutter wrote:

Hi Milan,

On Thu, Oct 28, 2021 at 09:14:10AM +0200, Milan Broz wrote:

Support for all formats is mandatory (the pain to support various kernel configuration is already enough),
so sorry, but I will not accept this patch.


I can relate but in this case the default is enabled so unless someone
really cares nothing changes.


All formats in libcryptsetup are intentionally always available.
This was my intention since the beginning I started to add external
format support (loopaes, truecrypt etc).

...


What issues this solves have here? Why you cannot link it?


On an embedded device with uClibc I need libiconv which is 1.4MB in
size. I was hoping to avoid having to ship this rather large library.
While it's awesome that cryptsetup now supports bitlk partitions, I
don't think it will see much use on embedded devices (e.g. a small file
server).


So the whole problem is just to save 1.4M? I thought you cannot compile it at all.

Then this is not really something what I think is really important
- cryptsetup is not indented to be used in super-small embedded devices.
(But yes, we try to avoid big libraries dependences. But bitlk support is
mandatory function now.)

You can always add own patches obviously, it is OSS, but this is not going
to be merged upstream.


We use only some specific functions so the solution can be just to implement this internally.


Converting passphrases to utf16 is mandatory for bitlk support, right?


Not only passphrases, labels etc are stored in utf16. But it is only small
subset of iconv we need.

In general, I'm not sure if all this is feasible - libcryptsetup is
already 1.9MB and maintaining a mini-iconv is error-prone and likely to
remain mostly untested.


Systemd implements own utf functions (not sure why).
I would better add similar to libcryptsetup just for bitlk format (with unit test),
but not sure it is worth to spend time here... (IOW remove iconv dependence completely.)

(Anyway, cc to Vojta, who wrote this code.)

Milan
_______________________________________________
dm-crypt mailing list -- dm-crypt@xxxxxxxx
To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux