[dm-crypt] Encrypting root filesystem without initrd support

Zaolin zaolin at das-labor.org
Mon Oct 14 11:53:41 CEST 2013


no! If you are on ARM you can use ARMORED from
Originally it was developed in order to withstand cold boot attacks on
ARM platforms (smartphones).

If you change some code to support a boot promt (see tresor patches), it
should be possible to login with a keyboard (touch screen -> good luck ;)).
Normally cryptsetup is used to setup the key derivation of a passphrase
in order to set the dm-crypt cipher key. That's  why it is needed.


> Hi,
> I am trying to make imx28 freescale board to boot from encrypted root
> filesystem, i am using plain dm-crypt with aes-cbc-essiv:sha256.
> Problem is that it doesn't use initrd during boot and i don't know
> where to put cryptsetup so that it can decrypt the partition.
> Is there any other way to use cryptsetup during boot without initrd or
> initramfs support.
> Thanks
> Rahul
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20131014/82433372/attachment.html>

More information about the dm-crypt mailing list