[dm-crypt] Disadvantages of many temporary keys?

L. Rose lists at lrose.de
Sat Oct 28 03:09:13 CEST 2017


Hi everyone,

My setup runs off a dm-crypt/LUKS encrypted drive. I want to do daily
unattended reboots, so I don't want to have to enter the password upon
reboot. I thought of generating a random temporary key, inserting that
into a secondary slot on my container using luksAddKey and preparing a
custom initramfs containing that temporary key, so that the system can
unlock the container once after the reboot. When the system is up and
running again, I'll remove that random temporary key from both the
container and the initramfs.

My question is: Do dm-crypt/LUKS containers suffer from frequent key
adding/removal? Will the container degrade because of this usage, or
maybe get errors? If so, is there a better way for unattended reboots?

Thanks a lot for any thoughts on that!

Regards,

L. Rose
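
The key-slot part of the procedure described in the post, as an added example that is not part of the original message: it enrols a random key file in a spare slot, checks that it unlocks the header, and removes it again after the reboot. The function names and the path arguments are assumptions of this sketch, and embedding the key file in the initramfs is distribution-specific and left out.

```shell
#!/bin/sh
# Added example: one-shot temporary LUKS key for an unattended reboot.
# The device, master key file and temporary key file paths are supplied
# by the caller (assumptions of this sketch, not values from the post).

# Create a 64-byte random key file readable only by its owner.
make_temp_key() {
    tmp_key=$1
    ( umask 077 && head -c 64 /dev/urandom > "$tmp_key" )
}

# Enrol the temporary key in a free slot, authorised by an existing key file.
add_temp_key() {
    dev=$1 master_key=$2 tmp_key=$3
    cryptsetup --batch-mode --key-file "$master_key" luksAddKey "$dev" "$tmp_key"
}

# Return 0 if the key file opens some key slot; the volume is not activated.
key_unlocks() {
    dev=$1 key=$2
    cryptsetup open --type luks --test-passphrase --key-file "$key" "$dev" 2>/dev/null
}

# After the reboot: wipe the slot that matches the temporary key, confirm
# the key no longer unlocks the header, and only then delete the key file.
remove_temp_key() {
    dev=$1 tmp_key=$2
    cryptsetup luksRemoveKey "$dev" "$tmp_key" || return 1
    if key_unlocks "$dev" "$tmp_key"; then
        return 1    # slot still active: keep the file and report failure
    fi
    rm -f "$tmp_key"
}
```

Each add or remove rewrites only the affected key slot in the LUKS header; the master key and the encrypted data area are not touched.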


