Hello Richard, On 01.04.21 12:53, Richard Weinberger wrote: > Ahmad, > > ----- Ursprüngliche Mail ----- >> Do you mean systemd-cryptsetup? It looks to me like it's just a way to supply >> the keyphrase. With trusted keys and a keyphrase unknown to userspace, this >> won't work. > > Nah, I meant existing scripts/service Files. > >> I don't (yet) see the utility of it without LUKS. Perhaps a command dump on how >> to do the same I did with dmsetup, but with cryptsetup plain instead could >> help me to see the benefits? > > My reasoning is simple, why do I need a different tool when there is already one > that could do the task too? > Usually the systems I get my hands on use already dm-crypt with cryptsetup in some way. > So I have the tooling already in my initramfs, etc.. and need to adopt the callers of cryptsetup a little. > > If I need all of a sudden different/additional tooling, it means more work, more docs to write, > more hassle with crypto/system reviewers, etc... > > I don't want you to force to use cryptsetup. I'd love to use cryptsetup with LUKS and trusted keys eventually. I'll take a look and see if cryptsetup plain maybe a suitable stop-gap solution for us. > The only goal was pointing out that it can be done with cryptsetup and that there > is already code such that no work is done twice. > One the kernel side it does not matter. Thanks for the pointer, Ahmad > > Thanks, > //richard > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
