Annotation of wikisrc/projects/project/transparent-cgd.mdwn, revision 1.2

[[!template id=project

title="Transparent full-disk encryption"

contact="""
[tech-kern](mailto:tech-kern@NetBSD.org)
"""

category="filesystems"
difficulty="medium"
duration="2 months"

description="""
While currently we have the [[!template id=man name="cgd" section="4"]]
driver for encrypting disks, setting it up is fairly involved.
Furthermore, while it's fairly easy to use it just for /home, in an
ideal world the entire disk should be encrypted; this leads to some
nontrivial bootstrapping problems.

Develop a scheme for mounting root on cgd that does not require
explicit manual setup, that passes cryptographic muster, and that
protects everything on the root volume except for what absolutely must
be exposed.
Implement it.

The following is a non-exhaustive list of issues to consider:

 * How should we tell when root should be on cgd (perhaps in boot.cfg?)
 * When (and how) do we enter the passphrase needed to mount root (at mount-root time? in the bootloader? after mounting a fake root?)
 * Key management for the encryption passphrase
 * Where to keep the bootloader and/or kernels
 * Should the bootloader be able to read the cgd to get the boot kernel from it?
 * If the kernel is not on cgd, should it be signed to allow the bootloader to verify it?
 * Integration with sysinst so all you need to do to get FDE is to hit a checkbox
 * Perhaps, making it easy or at least reasonably possible to migrate an unencrypted root volume to cgd

Note that while [[!template id=man name="init" section="8"]] currently has a scheme for mounting a
temporary root and then chrooting to the real root afterwards, it
doesn't work all that well.
Improving it is somewhat difficult; also, ideally
[[!template id=man name="init" section="8"]]
would be on the encrypted root volume.
It would probably be better to support mounting the real root directly
on cgd.

Another option is a pivot_root type of operation like Linux has, which
allows mounting a fake root first and then shuffling the mount points
to move something else into the / position.
This has its drawbacks as well, and again ideally there would be no
unencrypted fake root volume.

"""
]]
