653004 – sys-fs/cryptsetup - /etc/init.d/dmcrypt: add more options for keyfiles and temp device

Bug 653004 - sys-fs/cryptsetup - /etc/init.d/dmcrypt: add more options for keyfiles and temp device

Summary: sys-fs/cryptsetup - /etc/init.d/dmcrypt: add more options for keyfiles and te...

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo's Team for Core System packages

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2018-04-12 09:40 UTC by ARaspiK
Modified:	2018-04-12 09:52 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description ARaspiK 2018-04-12 09:40:13 UTC

[Note: First bug filed]

I'd like to suggest adding more advanced keyfile options (size and offset, specifically) and a 'tempmnt'-like option that allows one to temporarily mount something that is encrypted and use it as a keyfile.

My /boot contains a keys files, which is a LUKS container which consists of keys which are side-by-side on the disk and have to be accessed via --keyfile-offset and --keyfile-size. For extra security I should be able to only temporarily mount /boot/keys.

Comment 1 ARaspiK 2018-04-12 09:43:02 UTC

I suggest that along with target and swap, a tempmnt section can be specified with all the regular options, but it is remembered and detached when everything has been mounted.