public inbox for gentoo-user@lists.gentoo.org
From: Heiko Baums <lists@baums-on-web.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] cryptsetup wont use aes-xts:plain64
Date: Sat, 18 Apr 2015 14:44:23 +0200
Message-ID: <553251A7.10205@baums-on-web.de>
In-Reply-To: <55324A34.8060600@ramses-pyramidenbau.de>

On 18.04.2015 at 14:12, Ralf wrote:

> No. Could you please explain why you think so?
> Even if your root partition is encrypted, your ramdisk could load the
> modules.

Are you sure about that? Are you sure that the necessary modules are
definitely put into the initrd and that the kernel will be able to load
them soon enough at boot time?

Compiling those modules into the kernel is definitely more secure (in
terms of being sure that they are always available) and doesn't do any
harm, because they need to be loaded anyway.

Btw., several dm-crypt/LUKS documents (all that I've read) say that
those modules have to be compiled into the kernel directly.

> After loading the modules you can see that they are available by cat
> /proc/crypto.

You won't be able to run this command when the kernel tries to unlock
the LUKS container at boot time.

> The modules can be loaded _after_ bootup as well.

If you want to unlock the LUKS container at boot time (particularly if
your root partition is encrypted), loading the modules after bootup is
too late.

So I wouldn't risk it.
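
Added example, not part of the message above or of any project's code: a check of whether the kernel options an aes-xts-plain64 LUKS root depends on are built in, modular (and so needed inside the initramfs) or missing. The four option names are an assumption about what such a setup needs (the LUKS header hash is left out), and the sample config is constructed.

```shell
#!/bin/sh
# Added example: is everything an aes-xts-plain64 LUKS root needs built in?
# Assumption: the four mainline Kconfig symbols below are the relevant ones
# (the hash used by the LUKS header is left out).
REQUIRED="CONFIG_BLK_DEV_DM CONFIG_DM_CRYPT CONFIG_CRYPTO_AES CONFIG_CRYPTO_XTS"

# Constructed sample config: XTS is only a module, AES has a modular variant.
sample_config() {
    cat <<'EOF'
CONFIG_BLK_DEV_DM=y
CONFIG_DM_CRYPT=y
CONFIG_CRYPTO_AES=y
CONFIG_CRYPTO_AES_X86_64=m
CONFIG_CRYPTO_XTS=m
# CONFIG_CRYPTO_LRW is not set
EOF
}

# Print builtin, module or missing for one symbol in a kernel config file.
# The "=" anchor keeps CONFIG_CRYPTO_AES from matching CONFIG_CRYPTO_AES_X86_64.
kopt_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    case $val in
        y) echo builtin ;;
        m) echo module ;;
        *) echo missing ;;
    esac
}

# Report each required symbol. Return 0 if all are built in, 1 if any is a
# module (it must then be inside the initramfs), 2 if any is missing.
check_luks_root() {
    rc=0
    for opt in $REQUIRED; do
        state=$(kopt_state "$1" "$opt")
        printf '%-20s %s\n' "$opt" "$state"
        if [ "$state" = missing ]; then rc=2; fi
        if [ "$state" = module ] && [ "$rc" -eq 0 ]; then rc=1; fi
    done
    return "$rc"
}

# Demo on the constructed sample; on Gentoo the real file is usually
# /usr/src/linux/.config.
cfg=$(mktemp)
sample_config > "$cfg"
check_luks_root "$cfg" || echo "not all built in (status $?)"
rm -f "$cfg"
```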

