stage-1: Add interactive LUKS decrypting #234
09019e6 to 5f56ba5
This will be useful for some tests.
This, with the upcoming luks task, allows encrypted drives to work!
5f56ba5 to 2128889
They will, at some point, be promoted into LVGUI. For the time being they are local as they have only been verified to work in a useful manner for this limited use case.
The following commit will plug it into the messages queue.
For now, extremely assumed to be passphrase input.
These changes implement the different protocol changes.
This way we really only update the current state bit we want to affect.
With the same tooling we will be able to ask for a throbber or some other kind of work indicator.
2128889 to a1813ef
In addition to the VM, tested on-device with a Pinephone. Sadly, no instructions to set up, this was all done manually in a bad way; more work is expected later for installing. The quick notes are: prepare a custom initrd with cryptsetup and full utillinux, partition the eMMC as you would like, flash a system with a custom configuration. You might also want to use JumpDrive instead of a custom initrd, but my Pinephone has issues with USB.
This builds upon #233, soon-to-be merged.
This adds the required facilities for asking for the passphrase during the boot progress tracking, in addition to a test system made specifically to test that the unlocking works.
Note that there is no automatic way to get encryption going on your device yet. This is for something further along. For the time being, you will have to manually configure your stage-1 to know about the cryptsetup setup for your device. In addition, you will have to handle `cryptsetup reencrypt` yourself on your device. (Check the testing system, there may be clues, e.g. using 32MB for resize.)

I will, at some point, add documentation about manually encrypting a device, but that will happen once I have done it and tested it. Though the steps are quite obvious: (1) somehow get `cryptsetup reencrypt` going on your rootfs (2) update stage-1 with a build that knows about the encryption.

The plan is to, instead, make a specialized "installer" `boot.img` (stage-1 only system) that would know about that, but this is strictly for the future.