Demand for LUKS password blocks boot
Bryn M. Reeves
bmr at redhat.com
Tue Jan 26 09:35:20 UTC 2010
On 01/25/2010 08:12 PM, Robin Laing wrote:
> On 01/21/2010 08:32 AM, Ed Greshko wrote:
>> Dr. Michael J. Chudobiak wrote:
>>> On 01/21/2010 09:40 AM, Bryn M. Reeves wrote:
>>>
>>>>> From:
>>>>> https://fedoraproject.org/wiki/Dracut/Options#crypto_LUKS
>>>>>
>>>>> Pass: rd_NO_LUKS to your kernel boot line.
>
>>>
>> What happens if you normally want a particular uuid to be activated on
>> boot...but there is a power fail and restore at 3am? Wouldn't you still
>> be stuck with a system waiting for the password when what you may want
>> would be for the system to come up without that device? Wouldn't a
>> rd_LUKS_timeout=<X seconds> make sense?
>>
>>
>
> If a drive is encrypted, where do you expect to get the password from?
>
> I am just curious because I have started to encrypt my drives and I have
> to enter the password on each boot. It is to ensure that the system
> cannot be accessed unless the password is entered.
>
> Maybe my concept of encrypted partitions is different than yours.
>
Some people use pre-configured keys stored in /etc/crypttab. While it's
not as secure as requiring a passphrase be entered on each boot it does
provide more protection than not encrypting anything and it provides a
set of tradeoffs that some people are happy with.
Regards,
Bryn.
More information about the users
mailing list