Project Description

Full disk encryption currently requires each stage to gain knowledge of the keys independently, which means asking the user or bundling the key (in the initramfs).

In order to avoid the hassle, let's implement a key sharing mechanism so that GRUB can boot from an encrypted volume and pass it's keys to the OS.

Goal for this Hackweek

  • Add support for appending GRUB's learned keys to an initramfs.
  • Enable the early init environment to use said keys to mount the encrypted volumes.

Resources

Looking for hackers with the skills:

Nothing? Add some keywords!

This project is part of:

Hack Week 23

Activity

  • 5 months ago: ismaell left this project.
  • 5 months ago: ismaell liked this project.
  • over 1 year ago: dsterba liked this project.
  • almost 2 years ago: fos liked this project.
  • almost 2 years ago: shunghsiyu liked this project.
  • almost 2 years ago: ancorgs liked this project.
  • almost 2 years ago: oholecek liked this project.
  • almost 2 years ago: iivanov liked this project.
  • almost 2 years ago: ismaell started this project.
  • almost 2 years ago: mwilck liked this project.
  • almost 2 years ago: ismaell originated this project.

  • Comments

    • michael-chang
      almost 2 years ago by michael-chang | Reply

      I had a parallel project to avoid input password twice and you might be interested in these three patches appending learned keys from grub to initramfs in regards to /etc/crypttab that could be readily picked up by linux cryptosetup. Not sure how much this aligns to your goals here, but hope this helps a bit. :)

      patch 01 patch 02 patch 03

      • ismaell
        over 1 year ago by ismaell | Reply

        It's exactly what I had in mind. I've made a few changes I'll publish later.

      • ismaell
        over 1 year ago by ismaell | Reply

        Had you plans to submit this upstream?

    Similar Projects

    This project is one of its kind!