fai-cd - encryption possibilities

Justin Cattle j at ocado.com
Fri Mar 22 23:36:59 CET 2019


Hi Étienne,


Thanks very much for your response.

Re-reading my email, I don't think I was clear enough.  So I _think_  you
may have mis-understood what I was asking.

What I actually want to do is, produce an ISO using the fai-cd utility, but
make some of the contents of that ISO encrypted.
So, not encrypting the disks in the server, but part or all of the ISO used
to build the server.

It maybe that's what you meant too, in which case I'd like more detail on
how I would use setup-storage as part of the ISO creation :)

So, apologies if I was a mis-understanding, and I look forward to any
further responses :)

Thanks!


Cheers,
Just


On Fri, 22 Mar 2019 at 21:28, Étienne Mollier <etienne.mollier at mailoo.org>
wrote:

> Good Day Just,
>
> Justin Cattle, on 2019-03-22 :
> > Has anyone ever though about or implemented some form of
> > encrypted volume within the fai images created using fai-cd ?
>
> Yes!
>
> > I'm thinking about some encryption, such that the initramfs or
> > systemd prompts for a password to unlock it.
> >
> > I'm not sure quite how to easy it is to hook into the fai-cd
> > image build process though to customise it.
> > I presume I can't really do anything like "disk_config" ?
>
> It would actually be quite possible, have a look at the
> setup-storage manual:
>
>         http://fai-project.org/doc/man/setup-storage.html
>
> There is a chapter named "Crypt example" in which a few
> disk_config entries are shown setting up cryptsetup volumes.
> If you are not afraid to put your passphrases in cleartext in
> the disk_config/, you can even define it at installation time.
> Otherwise, the key is left in a temporary file during
> installation, using crypttab and stuff; I am not that well aware
> of the details for this part unfortunately.
>
> Anyway, the thing is definitely possible, and relatively simple.
>
> Kind Regards
> --
> Étienne Mollier <etienne.mollier at mailoo.org>
>
> All opinions are my own.
>
>
>

-- 


Notice:  This email is confidential and may contain copyright material of 
members of the Ocado Group. Opinions and views expressed in this message 
may not necessarily reflect the opinions and views of the members of the 
Ocado Group. 

 

If you are not the intended recipient, please notify us 
immediately and delete all copies of this message. Please note that it is 
your responsibility to scan this message for viruses. 

 

Fetch and Sizzle 
are trading names of Speciality Stores Limited and Fabled is a trading name 
of Marie Claire Beauty Limited, both members of the Ocado Group.

 


References to the “Ocado Group” are to Ocado Group plc (registered in 
England and Wales with number 7098618) and its subsidiary undertakings (as 
that expression is defined in the Companies Act 2006) from time to time.  
The registered office of Ocado Group plc is Buildings One & Two, Trident 
Place, Mosquito Way, Hatfield, Hertfordshire, AL10 9UL.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uni-koeln.de/pipermail/linux-fai/attachments/20190322/c363e9a1/attachment-0001.html>


More information about the linux-fai mailing list