[dm-crypt] LUKS2 resizing
andrius at stikonas.eu
Thu Dec 14 20:22:03 CET 2017
I don't think --ask-always option would be necessary... I think cryptsetup status is more than enough.
I have to do some screen scrubbing in other places too, e.g. new file system (and version version) detection
code now screen scrubs "udevadm info --query property" to detect whether e.g. it is LUKS1 or LUKS2 or even FAT12.
Actually, do I even need cryptsetup status KDE Partitition Manager only allows resizing unlocked LUKS volumes
(so that internal file system can also be resized). So if I understand correctly it will never ask for passphrase in LUKS1
case but it will always ask in LUKS2 case.
2017 m. gruodžio 14 d., ketvirtadienis 10:23:21 GMT rašėte:
> On 12/13/2017 07:05 PM, Andrius Štikonas wrote:
> > Exit code status should be fine for me. I'll just check for it to be 0. I can't really
> > use libcryptsetup anyway, I need to use cryptsetup executable as
> > KDE Partition Manager is a GUI app and linking to libcryptsetup would
> > require the whole app to be running as root which is a security issue for
> > GUI apps.
> I see.
> Well, you may either detect volume key was passed via kernel keyring to
> dm-crypt by following command: cryptsetup status <name>
> It prints usual status information together with line:
> "key location: keyring". If you see such line you know cryptsetup
> resize will ask for passphrase. But yes, it's screen scrubbing, not
> Or, we may implement option --ask-always (or similar) and cryptsetup
> resize will ask always for the passphrase to verify (and also load)
> volume key during resize operation.
> Would it help?
> Also do you mind if I repost this e-mail back to mail list so that
> others see my answer?
I encourage the use of end to end email encryption
GPG key: https://stikonas.eu/andrius.asc
Fingerprint: 1EE5 A320 5904 BAA2 B88C 0A9D 24FD 3194 0095 C0E1
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part.
More information about the dm-crypt