the keys are in kernelspace IIRC and thus updated / passed on initrd /initramfs updates and kernel updates
Corey W Sheldon
Freelance IT Consultant, Multi-Discipline Tutor
310.909.7672
On Sat, Sep 13, 2014 at 7:01 PM, Ian Pilcher <arequipeno@xxxxxxxxx> wrote:
On 09/13/2014 03:59 AM, Fred New wrote:
> One step up from this would be something like a kpatch process in rpm
> combined with packaged metadata that replaces in-memory modules so that
> reboots wouldn't be necessary. Yeh, probably impossible.
This has almost certainly already been considered by people smarter than
me, but it occurs to me that there's no reason that kexec couldn't some-
how pass LUKS/dm-crypt keys to the new kernel.
--
========================================================================
Ian Pilcher arequipeno@xxxxxxxxx
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct