On Thu, Jan 11, 2024 at 01:47:59AM +0000, Luca Boccassi wrote:
> cryptsetup 2.7.0, currently in experimental, added support for self
> encrypting drives using the OPAL functionality as the encryption layer
> (managed by the kernel, not by the TCG utilities), both in standalone
[...]
> I have added support for these new options in partman-crypto, MR on
> Salsa is open:
>
> https://salsa.debian.org/installer-team/partman-crypto/-/merge_requests/7
>
> The new options are shown only in the manual partitioning mode, and
> only if the kernel, cryptsetup and the device all support this
> functionality, otherwise they are hidden. A factory reset option for
> the disk is also exposed. A small utility to call the required ioctl to
> check for support on a given disk is added too.

Doesn't OPAL functionality rely on the implementation on the hdd/ssd and thus
on non-free software? If so, I'd suggest to warn that it's impossible to
review the security of this.

Also see https://wiki.archlinux.org/title/Self-encrypting_drives#Disadvantages

I'm not against adding this functionality per se, I just think it should
come with really big warning labels.

-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The people who refer to the pandemic in the past tense and climate change in
the future tense are the reason everything is going to shit.