[dm-crypt] contribution offer and questions - LUKS system encryption with detached header

Jim F jfelyokees at shmem.com
Fri Oct 19 06:10:25 CEST 2012

I modified scripts to allow system encryption with a detached LUKS 
header. Everything but /boot is encrypted and the header can be either 
a partition or a file (say) in the initrd in /boot. And /boot can be on 
a separate device, e.g. a USB thumb drive, so the system drive can have 
only encrypted data with no indication that it's LUKS encrypted.

I'm writing to see if the changes would be of interest to anyone and 
how to include them in a package. I was using Linux Mint 12 but they 
should work (at least) with any of the Debian derivatives.

LM12 came with cryptsetup 1.1.3 so I got the latest source which at 
that time was 1.4.1. Since I didn't see any of the initramfs-tools 
scripts in the cryptsetup source, I assumed they were distributed in a 
different package. I've subsequently found that while there is a 
initramfs-tools package, the scripts related to cryptsetup are in the 
cryptsetup package. This observation applies at least to Debian, Ubuntu 
and Linux Mint.

Because of the difference in the source and packaging, I have the 
modified 1.1.3 scripts working with the 1.4.1 cryptsetup I built. After 
taking a quick look at 1.4.3, I've concluded it won't be too much work 
to get the changes in sync. However it would be best to do this only 
once. I was thinking about doing it with 1.4.3 which comes with Ubuntu 
12.10 but I see that 1.5.1 has just been released.

Given all this, can someone tell me:

  - how the scripts get packaged with cryptsetup since they don't 
appear to be in its source tree?

  - where the scripts are?

  - how to get the changes included with the distributions, assuming 
there's interest?



More information about the dm-crypt mailing list