Annotation of wikisrc/projects/project/transparent-cgd.mdwn, revision 1.1
1.1 ! dholland 1: [[!template id=project
! 3: title="Transparent full-disk encryption"
! 5: contact="""
! 6: [tech-kern](mailto:tech-kern@NetBSD.org)
! 7: """
! 9: category="filesystems"
! 10: difficulty="medium"
! 11: duration="2 months"
! 13: description="""
! 14: While currently we have the cgd(4) driver for encrypting disks,
! 15: setting it up is fairly involved.
! 16: Furthermore, while it's fairly easy to use it just for /home, in an
! 17: ideal world the entire disk should be encrypted; this leads to some
! 18: nontrivial bootstrapping problems.
! 20: Develop a scheme for mounting root on cgd that does not require
! 21: explicit manual setup, that passes cryptographic muster, and that
! 22: protects everything on the root volume except for what absolutely must
! 23: be exposed.
! 24: Implement it.
! 26: The following is a non-exhaustive list of issues to consider:
! 27: * How should we tell when root should be on cgd (perhaps in boot.cfg?)
! 28: * When (and how) do we enter the passphrase needed to mount root (at mount-root time? in the bootloader? after mounting a fake root?)
! 29: * Key management for the encryption passphrase
! 30: * Where to keep the bootloader and/or kernels
! 31: * Should the bootloader be able to read the cgd to get the boot kernel from it?
! 32: * If the kernel is not on cgd, should it be signed to allow the bootloader to verify it?
! 33: * Integration with sysinst so all you need to do to get FDE is to hit a checkbox
! 34: * Perhaps, making it easy or at least reasonably possible to migrate an unencrypted root volume to cgd
! 36: Note that while init(8) currently has a scheme for mounting a
! 37: temporary root and then chrooting to the real root afterwards, it
! 38: doesn't work all that well.
! 39: Improving it is somewhat difficult; also, ideally init(8) would be on
! 40: the encrypted root volume.
! 41: It would probably be better to support mounting the real root directly
! 42: on cgd.
! 44: Another option is a pivot_root type of operation like Linux has, which
! 45: allows mounting a fake root first and then shuffling the mount points
! 46: to move something else into the / position.
! 47: This has its drawbacks as well, and again ideally there would be no
! 48: unencrypted fake root volume.
! 50: """
! 51: ]]
CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb