[systemd-devel] [PATCH] cryptsetup: add keyfile-offset= support
Matthew Monaco
dgbaley27 at 0x01b.net
Mon Jul 9 08:02:20 PDT 2012
On 07/09/2012 10:51 AM, Lennart Poettering wrote:
> On Fri, 29.06.12 13:40, Tom Gundersen (teg at jklm.no) wrote:
>
>> This is useful if your keyfile is a block device, and you want to
>> use a specific part of it, such as an area between the MBR and the
>> first partition.
>>
>> This feature is documented in the Arch wiki[0], and has been supported
>> by the Arch initscripts, so would be nice to get this into systemd.
>
> Hmm, I am not opposed to merge this, but before I do: I am a bit puzzled
> what the usecase for this is -- why would you store the key like this?
> Kinda defeats the purpose of encryption, no?
>
> Lennart
>
It's no different than storing your key as a file (on a USB key) except there's
a little added obfuscation. Also, it's simpler (imo); you don't have to wait for
a FS to be mounted when unlocking your dm-crypt device.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20120709/b1290123/attachment.pgp>
More information about the systemd-devel
mailing list