allow luks encrypted casper-rw persistent file (patch)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
casper (Ubuntu) |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
Currently the casper-rw persistent file can not be an encrypted container. The distribution livecd would be a more valuable product, if it allowed persistence to an encrypted container. The persistence feature of the livecd is very likely to be used on removable media, such as a usb flash drive. These are generally small and thus easily lost or misplaced. This could prove to be a security issue if it contains sensitive data.
I've attached a patch which allows casper to detect when the casper-rw file is a luks encrypted container. It will then ask the user for the password, unlock the container, and use the unencrypted device as if it were an unencrypted casper-rw. This is a basic, self-contained solution to this issue.
A better solution would be to re-use the "setup_mapping" function in /scripts/
What this patch does not support:
* using a keyfile to decrypt the luks device
* support for persistent, encrypted device partitions (must use an encrypted file on a supported filesystem)
* support for other encrypted container formats (true-crypt, loop-aes, etc..)
Reference:
* http://
* http://
Changed in casper (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Wishlist |
tags: | added: saucy |
The attachment "luks-persisten t-img.ubuntu. patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]