Why do you need offset and size options? keyfile option should be
repeatable. The whole array would be passed down and file would be opened
instead before reading password and concatenated with it unless
--no-password was specified as well. If you have remaining questions feel
free to ask here or on IRC.
On Nov 20, 2013 12:43 AM, "Ralf Ramsauer" <ralf+g...@ramses-pyramidenbau.de>
wrote:

> Hi,
>
> yesterday I realised that GRUB is already supporting LUKS and even
> simple DSA signature checking.
>
> I was thinking about the following setup:
>   - fully encrypted hard disk (LUKS) (incl. rootfs).
>   - no bootloader on hard disk
>   - kernel + initrd inside encrypted partition
>   - optionally: signatures of the kernel + initrd
>
> For "trusted" booting, I thought about a USB stick that just includes
> GRUB, a public key for verification and a keyfile for LUKS.
> Using that setup, no password input would be required during boot. The
> USB stick can be considered as "trusted environment".
>
> Unfortunately, GRUB doesn't support keyfile for LUKS up to now. As I'm
> quite familiar with dm-crypt and LUKS I tried to implement the keyfile
> feature to GRUB.
> After spending several hours trying to get a deeper insight into the
> GRUB internals I finally resigned, as I was missing documentation on
> several things...
>
> I was very confused about the way how GRUB2 is handling its modules and
> about the strategies how functions are exactly called.
> The aim is to implement three additional options to cryptodisk.c resp.
> luks.c:
>  -k keyfile [e.g. (hd2,msdos3)/mysecretkey]
>  -o keyfile offset [optional, default: 0]
>  -s keyfile size [optional, default: keyfilesize]
>
> Using LUKS, a keyfile can simply be treated like a passphrase, which
> basically is already implemented.
>
> I would appreciate it if perhaps someone of you could help me with this
> issue.
>
> Thanks in advance!
>   Ralf
>
> --
> Ralf Ramsauer
>
> PGP: 0x8F10049B
>
>
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>
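The key-material handling discussed in this thread (a repeatable keyfile option, optional offset and size, and concatenation with the password unless --no-password is given), as an added C example that is not GRUB code and not code from either poster. The struct, the function name and the "size 0 means rest of file" convention are assumptions, and keyfiles are taken as already read into memory.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical descriptor for one keyfile already read into memory;
   not a GRUB structure. size == 0 means "to end of file" (assumed). */
struct keyfile_slice {
    const unsigned char *data;  /* file contents */
    size_t len;                 /* file length */
    size_t offset;              /* keyfile offset, default 0 */
    size_t size;                /* keyfile size, 0 = rest of file */
};

/* Concatenate the selected slice of each keyfile, then the password
   (pass NULL for the --no-password case), into out[0..cap).
   Returns the number of bytes written, or -1 on a bad offset/size or
   if out is too small; on failure out is wiped so that no partial
   key material is left behind. */
long build_key_material(const struct keyfile_slice *kf, size_t n,
                        const char *password,
                        unsigned char *out, size_t cap)
{
    size_t used = 0;
    for (size_t i = 0; i < n; i++) {
        if (kf[i].offset > kf[i].len)
            goto fail;
        size_t avail = kf[i].len - kf[i].offset;
        size_t want = kf[i].size ? kf[i].size : avail;
        /* Compare against what remains, never against offset + size,
           so the bounds check itself cannot wrap around. */
        if (want > avail || want > cap - used)
            goto fail;
        memcpy(out + used, kf[i].data + kf[i].offset, want);
        used += want;
    }
    if (password) {
        size_t plen = strlen(password);
        if (plen > cap - used)
            goto fail;
        memcpy(out + used, password, plen);
        used += plen;
    }
    return (long)used;
fail:
    memset(out, 0, cap);
    return -1;
}
```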