Re: [PATCH] Masking kernel commandline parameters (2.6.7)

From: Eric Lammerts
Date: Sun Aug 08 2004 - 11:15:29 EST



On Sun, 8 Aug 2004, Juergen Pabel wrote:
> ps: in case you're referring to the feature itself, what would be a
> more sensible way of passing sensitive data to the kernel? -I didn't
> see any other way.

Yes, I was referring to the feature itself.

I don't know much about dmcrypt, but in the (similar) case of
loop-encrypt, the initrd program could simply call losetup (or mount
-oloop), which would prompt the user for the key and pass it to the
kernel using the LOOP_SET_STATUS64 ioctl. After the mount, you can
pivot_root to your encrypted fs and get rid of the initrd.

I'm sure you can do something similar for dmcrypt.

Eric
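
The loop-encrypt route described in the message above, as an added example (not code from the post, from losetup, or from the kernel tree): the key is read from the terminal and handed to the kernel with LOOP_SET_STATUS64 instead of appearing on the kernel command line. The function names, the transfer-id argument and the assumption that the loop device is already attached are this example's own.

```c
#include <fcntl.h>
#include <linux/loop.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

/* Zero memory through a volatile pointer so the store is not optimised out. */
static void wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Place the key in a zeroed loop_info64; -1 if it is empty or too long. */
int fill_key(struct loop_info64 *li, unsigned type, const unsigned char *key, size_t len) {
    if (len == 0 || len > LO_KEY_SIZE) return -1;
    memset(li, 0, sizeof(*li));
    li->lo_encrypt_type = type;          /* transfer id, as numbered in loop.h */
    li->lo_encrypt_key_size = (unsigned)len;
    memcpy(li->lo_encrypt_key, key, len);
    return 0;
}

/* Pass the key by ioctl, then wipe both user-space copies. */
int set_loop_key(int loop_fd, unsigned type, unsigned char *key, size_t len) {
    struct loop_info64 li;
    int rc = fill_key(&li, type, key, len);
    if (rc == 0) rc = ioctl(loop_fd, LOOP_SET_STATUS64, &li);
    wipe(&li, sizeof(li));
    wipe(key, len);
    return rc;
}

int main(int argc, char **argv) {
    unsigned char key[LO_KEY_SIZE + 1];
    struct termios old, quiet;
    if (argc != 3) { fprintf(stderr, "usage: %s /dev/loopN transfer-id\n", argv[0]); return 2; }
    int fd = open(argv[1], O_RDWR);       /* assumed: already attached with LOOP_SET_FD */
    if (fd < 0 || tcgetattr(STDIN_FILENO, &old) != 0) { perror(argv[1]); return 1; }
    quiet = old;
    quiet.c_lflag &= ~ECHO;               /* do not echo the key while it is typed */
    tcsetattr(STDIN_FILENO, TCSAFLUSH, &quiet);
    fputs("Key: ", stderr);
    ssize_t n = read(STDIN_FILENO, key, sizeof(key));
    tcsetattr(STDIN_FILENO, TCSAFLUSH, &old);
    if (n > 0 && key[n - 1] == '\n') n--;
    int rc = n > 0 ? set_loop_key(fd, (unsigned)atoi(argv[2]), key, (size_t)n) : -1;
    if (rc != 0) fputs("\nsetting loop key failed\n", stderr);
    close(fd);
    return rc ? 1 : 0;
}
```

The ioctl itself needs root and a real loop device; the key never passes through argv, the environment or the boot command line.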