On 27/07/2022 17:52, Chris Murphy wrote:
On Wed, Jul 27, 2022, at 11:11 AM, Chris Adams wrote:
Once upon a time, Neal Gompa <ngompa13@xxxxxxxxx> said:
My understanding is that Windows preloads are now blank-encrypted.
That is, there's a BitLocker volume wrapping the filesystem, even with
encryption turned off. It makes encrypting the disk later
significantly easier (it doesn't have to do filesystem resizing and
reallocation games).
Huh, okay. It seems cryptsetup can't open it, but dislocker can.
You can do something like
dd if=/dev/nvme0n1p5 skip=1024000 count=2048 2>/dev/null | hexdump -C
And see if that 1MiB range looks like ciphertext (garbage) or plaintext. I wouldn't be surprised if it's encrypted, and the encryption key itself isn't wrapped, it's just exposed in the Bitlocker metadata in a way dislocker can discover and cryptsetup can't (yet) - but I'm speculating.
But this does mean that doing anything in anaconda based on detection of
BitLocker being present should consider that...
Either libblkid or cryptsetup would need to learn how to differentiate between the two kinds of Bitlocker volumes, in order for anaconda to have a chance of treating them differently. I'm not sure what the consideration would be though.
If you report this as a bug for cryptsetup (with description how to create such Bitlocker volume), we can check how to fix it.
Otherwise nothing happens :-)
The libblkid change will be perhaps simple once we understand metadata.
Milan
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
