[dm-crypt] Feitian PKI donation to dm-crypt project

Jean-Michel Pouré - GOOZE jmpoure at gooze.eu
Sat Nov 6 19:16:25 CET 2010

On Friday, 05 November 2010 at 17:29 +0100, Ma Begaj wrote:
> A script on an encrypted root partition could compare (upon decryption)
> md5 checksum of initramfs with the saved md5 checksum (with md5sum) and
> show alert message if sums do not match.

When using smartcards, secrets are not displayed. So why should we need
to encrypt the initramfs at the first stage? We only need to boot in the
first stage, non-encrypted, and then request secrets from PKCS#11 and
decrypt the complete system.

What do you think?
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu
