[dm-crypt] Encrypting root filesystem without initrd support

Zaolin zaolin at das-labor.org
Mon Oct 14 11:53:41 CEST 2013


Hi,

no! If you are on ARM you can use ARMORED from
http://www1.informatik.uni-erlangen.de/tresor.
Originally it was developed in order to withstand cold boot attacks on
ARM platforms (smartphones).

If you change some code to support a boot promt (see tresor patches), it
should be possible to login with a keyboard (touch screen -> good luck ;)).
Normally cryptsetup is used to setup the key derivation of a passphrase
in order to set the dm-crypt cipher key. That's  why it is needed.

Regards
zaolin

> Hi,
>
> I am trying to make imx28 freescale board to boot from encrypted root
> filesystem, i am using plain dm-crypt with aes-cbc-essiv:sha256.
> Problem is that it doesn't use initrd during boot and i don't know
> where to put cryptsetup so that it can decrypt the partition.
>
> Is there any other way to use cryptsetup during boot without initrd or
> initramfs support.
>
> Thanks
> Rahul
>
>
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20131014/82433372/attachment.html>


More information about the dm-crypt mailing list