Project Description

Full disk encryption currently requires each stage of the boot process to gain knowledge of the keys independently, which means either asking the user or bundling the key in the initramfs.

To avoid the hassle, let's implement a key sharing mechanism so that GRUB can boot from an encrypted volume and pass its keys to the OS.

Goal for this Hackweek

  • Add support for appending GRUB's learned keys to an initramfs.
  • Enable the early init environment to use said keys to mount the encrypted volumes.

Resources

This project is part of:

Hack Week 21

Activity

  • 3 months ago: ismaell started this project.
  • 4 months ago: ismaell originated this project.

  • Comments

    • michael-chang
      3 months ago by michael-chang

      I had a parallel project to avoid entering the password twice, and you might be interested in these three patches appending learned keys from GRUB to the initramfs in regard to /etc/crypttab that could be readily picked up by Linux cryptosetup. Not sure how much this aligns with your goals here, but hope this helps a bit. :)

      patch 01 patch 02 patch 03

      • ismaell
        3 months ago by ismaell

        It's exactly what I had in mind. I've made a few changes I'll publish later.

      • ismaell
        3 months ago by ismaell

        Had you plans to submit this upstream?
