<div dir="ltr"><div dir="ltr">Hi Étienne,</div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">Thanks very much for your response.</div><div dir="ltr"><br></div><div dir="ltr">Re-reading my email, I don't think I was clear enough. So I _think_ you may have mis-understood what I was asking.</div><div dir="ltr"><br></div><div dir="ltr">What I actually want to do is, produce an ISO using the fai-cd utility, but make some of the contents of that ISO encrypted.</div><div dir="ltr">So, not encrypting the disks in the server, but part or all of the ISO used to build the server.</div><div dir="ltr"><br></div><div>It maybe that's what you meant too, in which case I'd like more detail on how I would use setup-storage as part of the ISO creation :)</div><div><br></div><div>So, apologies if I was a mis-understanding, and I look forward to any further responses :)</div><div dir="ltr"><br></div><div dir="ltr">Thanks!</div><div dir="ltr"><br clear="all"><div><div dir="ltr" class="gmail_signature"><div><br></div>Cheers,<div>Just</div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 22 Mar 2019 at 21:28, Étienne Mollier <<a href="mailto:etienne.mollier@mailoo.org">etienne.mollier@mailoo.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Good Day Just,<br>
<br>
Justin Cattle, on 2019-03-22 :<br>
> Has anyone ever though about or implemented some form of<br>
> encrypted volume within the fai images created using fai-cd ?<br>
<br>
Yes!<br>
<br>
> I'm thinking about some encryption, such that the initramfs or<br>
> systemd prompts for a password to unlock it.<br>
><br>
> I'm not sure quite how to easy it is to hook into the fai-cd<br>
> image build process though to customise it.<br>
> I presume I can't really do anything like "disk_config" ?<br>
<br>
It would actually be quite possible, have a look at the<br>
setup-storage manual:<br>
<br>
<a href="http://fai-project.org/doc/man/setup-storage.html" rel="noreferrer" target="_blank">http://fai-project.org/doc/man/setup-storage.html</a><br>
<br>
There is a chapter named "Crypt example" in which a few<br>
disk_config entries are shown setting up cryptsetup volumes.<br>
If you are not afraid to put your passphrases in cleartext in<br>
the disk_config/, you can even define it at installation time.<br>
Otherwise, the key is left in a temporary file during<br>
installation, using crypttab and stuff; I am not that well aware<br>
of the details for this part unfortunately.<br>
<br>
Anyway, the thing is definitely possible, and relatively simple.<br>
<br>
Kind Regards<br>
-- <br>
Étienne Mollier <<a href="mailto:etienne.mollier@mailoo.org" target="_blank">etienne.mollier@mailoo.org</a>><br>
<br>
All opinions are my own.<br>
<br>
<br>
</blockquote></div>
<br>
<p style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em;margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px">Notice: This email is confidential and may contain copyright material of members of the Ocado Group. Opinions and views expressed in this message may not necessarily reflect the opinions and views of the members of the Ocado Group. </span></font></p><p style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em;margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px"> </span></font></p><p style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em;margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px">If you are not the intended recipient, please notify us immediately and delete all copies of this message. Please note that it is your responsibility to scan this message for viruses. </span></font></p><p style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em;margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px"> </span></font></p><p style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em;margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px">Fetch and Sizzle are trading names of Speciality Stores Limited and Fabled is a trading name of Marie Claire Beauty Limited, both members of the Ocado Group.</span></font></p><p style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em;margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif"><span style="font-size:14.6667px"> </span></font></p><p style="margin:0px;background-color:rgb(255,255,255)"><font color="#aeaaaa" face="Calibri, sans-serif" style="font-family:Arial,Helvetica,sans-serif;font-size:1.3em"><span style="font-size:14.6667px">References to the “Ocado Group” are to Ocado Group plc (registered in England and Wales with number 7098618) and its subsidiary undertakings (as that expression is defined in the Companies Act 2006) from time to time. The registered office of Ocado Group plc is </span></font><font color="#aeaaaa" face="calibri, sans-serif"><span style="font-size:14.6667px">Buildings One & Two, Trident Place, Mosquito Way, Hatfield, Hertfordshire, AL10 9UL</span></font><span style="font-family:Arial,Helvetica,sans-serif;font-size:14.6667px;color:rgb(174,170,170)"><font face="Calibri, sans-serif">.</font></span></p>