Public bug reported:

Currently the casper-rw persistent file cannot be an encrypted container. The distribution livecd would be a more valuable product if it allowed persistence to an encrypted container. The persistence feature of the livecd is very likely to be used on removable media, such as a USB flash drive. These are generally small and thus easily lost or misplaced. This could prove to be a security issue if it contains sensitive data.

I've attached a patch which allows casper to detect when the casper-rw file is a LUKS encrypted container. It will then ask the user for the password, unlock the container, and use the unencrypted device as if it were an unencrypted casper-rw.

This is a basic, self-contained solution to this issue. A better solution would be to re-use the "setup_mapping" function in /scripts/local-top/cryptroot from initramfstools to set up the crypto device. However, it is currently not possible to source this function from another script because cryptroot calls "exit".

What this patch does not support:
 * using a keyfile to decrypt the LUKS device
 * support for persistent, encrypted device partitions (must use an encrypted file on a supported filesystem)
 * support for other encrypted container formats (true-crypt, loop-aes, etc.)

Reference:
 * http://ubuntuforums.org/showthread.php?t=1044182
 * http://ubuntuforums.org/showthread.php?t=1171612

** Affects: casper (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: encryption enhancement

** Patch added: "luks-persistent-img.ubuntu.patch"
   https://bugs.launchpad.net/bugs/1215504/+attachment/3782764/+files/luks-persistent-img.ubuntu.patch

https://bugs.launchpad.net/bugs/1215504

Title:
  allow luks encrypted casper-rw persistent file (patch)
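
The detect-then-unlock flow the report describes, sketched as an added example; this is not the attached patch or casper's own code. The function names, the `casper-rw-crypt` mapping name and the `LOSETUP`/`CRYPTSETUP` override variables are hypothetical, and it assumes util-linux `losetup` and `cryptsetup` are present in the boot environment.

```shell
#!/bin/sh
# Added example, not the attached patch. All names here are hypothetical.
LOSETUP=${LOSETUP:-losetup}          # assumes util-linux losetup (-f --show)
CRYPTSETUP=${CRYPTSETUP:-cryptsetup}
LUKS_MAGIC_HEX="4c554b53babe"        # "LUKS" 0xBA 0xBE: first 6 bytes of a LUKS1/LUKS2 header

# Return 0 if the file begins with the LUKS magic, non-zero otherwise.
is_luks_image() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    magic=$(dd if="$1" bs=1 count=6 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "$LUKS_MAGIC_HEX" ]
}

# Print the block device to mount as the persistence layer.
# $1 = path to the casper-rw image, $2 = device-mapper name (optional).
open_persistence() {
    img=$1
    name=${2:-casper-rw-crypt}
    loopdev=$($LOSETUP -f --show "$img") || return 1
    if ! is_luks_image "$img"; then
        echo "$loopdev"              # plain image: use the loop device directly
        return 0
    fi
    # cryptsetup asks for the passphrase; keep its output off our stdout.
    if $CRYPTSETUP luksOpen "$loopdev" "$name" >&2; then
        echo "/dev/mapper/$name"
        return 0
    fi
    # Fail closed: release the loop device and report failure, so the caller
    # never tries to mount ciphertext as if it were a filesystem.
    $LOSETUP -d "$loopdev"
    return 2
}

# Run only when invoked with an image path (needs root).
if [ $# -ge 1 ]; then
    open_persistence "$@"
fi
```

A caller should treat exit status 2 as "encrypted but not unlocked" and stop rather than create or mount an unencrypted persistence layer in its place.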