add installer support for dm-crypt on root

Registered by Andreas Jellinghaus on 2006-04-20

would be nice if the installer:
a) could set up a boot partition and a root with dm-crypt.
b) not create a swap partition; instead add a swapfile to the root partition (so it is also
encrypted and more flexible - can be resized easily)
c) maybe add software suspend 2 to the kernel which can work fine with all this (swapfiles, encrypted root, ...)
d) modify initramfs to have scripts that ask for password etc.

implementation notes:
the lrw implementation in the linux kernel can't be used for some reason, so essiv is the best encryption mode. "plain" is compatible with the older crypto loop but not as secure.
do not hash a password and use it as the crypto key. that way the password can't be changed. instead use some random bytes as the crypto key, and add those random bytes encrypted with a passphrase to the initramfs. (or use luks if you prefer. but with this option the key could be stored also on a smart card, with luks that would be possible).
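
The key-handling note above, as an added example that is not part of the blueprint or the installer's code: a random volume key is wrapped under a passphrase, so changing the passphrase only rewrites the small wrapped blob and never the disk key. All function names, the sizes and the PBKDF2 iteration count are assumptions, and the XOR-pad plus HMAC wrap is a standard-library stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import os

KEY_LEN, SALT_LEN, TAG_LEN = 32, 16, 32   # assumed sizes in bytes
PBKDF2_ITERS = 100_000                    # assumed work factor

def hashed_passphrase_key(passphrase):
    """The discouraged scheme: the disk key IS the hashed passphrase."""
    return hashlib.sha256(passphrase.encode()).digest()

def new_volume_key():
    """The recommended scheme: the disk key is random bytes."""
    return os.urandom(KEY_LEN)

def _derive(passphrase, salt):
    # Stretch the passphrase into a one-time pad plus a separate MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt,
                              PBKDF2_ITERS, dklen=KEY_LEN + 32)
    return okm[:KEY_LEN], okm[KEY_LEN:]

def wrap_key(volume_key, passphrase):
    """Return salt || ciphertext || tag, the blob that would sit in the initramfs."""
    salt = os.urandom(SALT_LEN)           # fresh salt, so a pad is never reused
    pad, mac_key = _derive(passphrase, salt)
    ct = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag

def unwrap_key(blob, passphrase):
    """Recover the volume key; reject a wrong passphrase or a damaged blob."""
    if len(blob) != SALT_LEN + KEY_LEN + TAG_LEN:
        raise ValueError("malformed key blob")
    salt, ct, tag = blob[:SALT_LEN], blob[SALT_LEN:-TAG_LEN], blob[-TAG_LEN:]
    pad, mac_key = _derive(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted key blob")
    return bytes(a ^ b for a, b in zip(ct, pad))

def change_passphrase(blob, old, new):
    """Re-wrap the same volume key; the encrypted disk is untouched."""
    return wrap_key(unwrap_key(blob, old), new)

if __name__ == "__main__":
    vk = new_volume_key()
    blob = change_passphrase(wrap_key(vk, "old pass"), "old pass", "new pass")
    print("volume key unchanged:", unwrap_key(blob, "new pass") == vk)
    print("hashed key unchanged:",
          hashed_passphrase_key("old pass") == hashed_passphrase_key("new pass"))
```
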

Blueprint information

Status: Complete
Approver: Scott James Remnant (Canonical)
Priority: Undefined
Drafter: Martin Pitt
Direction: Needs approval
Assignee: Colin Watson
Definition: Drafting
Series goal: Proposed for gutsy
Implementation: Implemented
Milestone target: None
Started by: Colin Watson on 2007-10-04
Completed by: Colin Watson on 2007-10-12

Whiteboard

pitti: tentatively setting Assignee to cjwatson, since this is by and large an installer change. Most of the work is already done in Debian, though.

2007-10-12 kamion: This is in place in Gutsy now.
