Comment 20 for bug 1980018

W McElderry (wmcelderry) wrote :

@vorlon I understand the position you are taking. What you have said is true: without measuring the initrd, it does degrade security compared to passphrase-based encryption.

While I'm sure there are those who are disappointed, perhaps disagree even for their use, I'd suggest we avoid debating the relative merit or belief in how useful it may still be to have the functionality while the initrd vulnerability persists, and spend the energy on removing the vulnerability (as it doesn't seem like it's too much work anyway)!

To that end I'd propose we create a new ticket that discusses the issue of creating a Unified Kernel Image (unless someone knows of an appropriate one already?), and leave this thread to focus on the scripts that are used to unlock the LUKS container using the TPM.

Given that I have created quite small patches for files that implement a solution to unlocking the LUKS container using the TPM in the initramfs and that is what this thread is about, perhaps someone can either comment on the patches, or tell me where & how to submit the patches for review?

Thanks!