Subject: [gentoo-user] Initrd-script questions
From: Florian Philipp
To: Gentoo-User
Date: Tue, 18 Mar 2008 17:56:30 +0100
Message-Id: <1205859390.7981.16.camel@NOTE_GENTOO64.PHHEIMNETZ>

Hi list!

I'd like to have some advice on my situation: I have a custom init-script (derived from genkernel).

What it already does is to let gpg ask for a passphrase to decrypt a file on /boot and then to use the content of that file as the key to a LUKS-formatted swap (logical volume) which is then used to resume from disk.

What I would also like to do is to use the very same key for other lvm-volumes like /var and /var/tmp, but that doesn't seem that easy.

First idea: Just do the same as with the swap-volume. However, all other mappings are gone after resuming/booting.

Second idea: Write the plaintext-keyfile to /boot and then use it via /etc/conf.d/cryptfs before removing it in a secure manner (srm, provided by app-misc/secure-delete). Problem: When resuming, /boot is already mounted. Writing to it and then resuming leads to filesystem corruption.

Third idea: Using a dedicated volume for storing the plaintext key. Cumbersome, and doesn't reduce the risk that srm isn't enough to protect the key.

So ... what I'd need is a way to transfer data between an initial ramdisk and the real init. Ideally in the form of a tmpfs-mountpoint. I don't think my odds are very high but I just wanted to ask...

Thanks in advance!
Florian Philipp

-- 
gentoo-user@lists.gentoo.org mailing list
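The tmpfs hand-off the post asks for, as an added example that is neither the poster's script nor genkernel's code: it assumes a genkernel-style initramfs with the real root at /newroot before switch_root, gpg, cryptsetup and srm present in the initramfs, and the paths /keys, /run/keys, /boot/luks.key.gpg and /dev/vg/swap are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes a genkernel-style initramfs
# with the real root mounted at /newroot before switch_root, and gpg, cryptsetup
# and srm (app-misc/secure-delete) available inside the initramfs.
KEYDIR=/keys                 # tmpfs inside the initramfs: RAM only, never on /boot
NEWROOT=/newroot
HANDOFF=/run/keys            # where the real init will find the key (hypothetical)
ENCKEY=/boot/luks.key.gpg    # gpg-encrypted keyfile on /boot (hypothetical name)
SWAP_DEV=/dev/vg/swap        # LUKS-formatted swap LV used for resume (hypothetical)
DRY_RUN=${DRY_RUN:-}
DRY_LOG=${DRY_LOG:-/dev/null}

# Run a command, or only record it when DRY_RUN is set, so the sequence can be
# checked without root and without touching real devices.
run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*" >> "$DRY_LOG"; else "$@"; fi
}

# 1. Decrypt the key into a small root-only tmpfs instead of writing it to /boot.
key_tmpfs_setup() {
    run mkdir -p "$KEYDIR"
    run mount -t tmpfs -o size=64k,mode=0700 tmpfs "$KEYDIR"
    run sh -c "gpg -d '$ENCKEY' > '$KEYDIR/luks.key'"   # gpg prompts on the console
    run chmod 0400 "$KEYDIR/luks.key"
}

# 2. Unlock swap with that key and try to resume; /sys/power/resume wants the
#    device as decimal major:minor. On a successful resume this never returns.
unlock_swap_and_resume() {
    run cryptsetup luksOpen --key-file "$KEYDIR/luks.key" "$SWAP_DEV" swap
    run sh -c 'echo "$((0x$(stat -Lc %t /dev/mapper/swap))):$((0x$(stat -Lc %T /dev/mapper/swap)))" > /sys/power/resume'
}

# 3. Hand the key to the real init by moving the whole tmpfs into the new root:
#    mount --move keeps it in RAM and writes nothing to the already-mounted /boot,
#    and /etc/conf.d/cryptfs can then point at $HANDOFF/luks.key for /var, /var/tmp.
key_tmpfs_handoff() {
    run mkdir -p "$NEWROOT$HANDOFF"
    run mount --move "$KEYDIR" "$NEWROOT$HANDOFF"
}

# 4. Run by the real init once its volumes are open: wipe the key and drop the
#    tmpfs, so the plaintext exists only for the duration of the boot.
key_discard() {
    run srm "$HANDOFF/luks.key"
    run umount "$HANDOFF"
}

initramfs_main() { key_tmpfs_setup; unlock_swap_and_resume; key_tmpfs_handoff; }
```

With DRY_RUN=1 the functions only log the commands they would run, which is how the sequence can be checked outside an initramfs.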