fai-cd - encryption possibilities
Étienne Mollier
etienne.mollier at mailoo.org
Fri Mar 22 22:27:49 CET 2019
Good Day Just,
Justin Cattle, on 2019-03-22 :
> Has anyone ever though about or implemented some form of
> encrypted volume within the fai images created using fai-cd ?
Yes!
> I'm thinking about some encryption, such that the initramfs or
> systemd prompts for a password to unlock it.
>
> I'm not sure quite how to easy it is to hook into the fai-cd
> image build process though to customise it.
> I presume I can't really do anything like "disk_config" ?
It would actually be quite possible, have a look at the
setup-storage manual:
http://fai-project.org/doc/man/setup-storage.html
There is a chapter named "Crypt example" in which a few
disk_config entries are shown setting up cryptsetup volumes.
If you are not afraid to put your passphrases in cleartext in
the disk_config/, you can even define it at installation time.
Otherwise, the key is left in a temporary file during
installation, using crypttab and stuff; I am not that well aware
of the details for this part unfortunately.
Anyway, the thing is definitely possible, and relatively simple.
Kind Regards
--
Étienne Mollier <etienne.mollier at mailoo.org>
All opinions are my own.
More information about the linux-fai
mailing list