[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problem with decrypting AES-XTS-plain partition table

From: Mariusz Gliwiński
Subject: Problem with decrypting AES-XTS-plain partition table
Date: Sun, 24 Oct 2010 22:19:02 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv: Gecko/20101013 Thunderbird/3.1.5

I'm trying to set-up stealth full root encryption grub installation. Let me introduce basic idea:
* BIOS loads up grub2 from SD card `(hd1)`
* grub is reading configuration from ext4 partition `(hd1,2)/boot/grub/grub.cfg` on SD card and decrypts aes-xts-plain encrypted partition table `(hd0)` with 512 byte key located on `(hd1,2)` * because grub already knows `(hd0)` partitioning scheme, it can decrypt `(hd0,1)` boot ext4 partition.
* grub is passing it's control to initrd, kernel

Keep in mind `(hd0)` is encrypted in pure aes-xts-plain *without* LUKS headers.

Could You help me with finding proper usage of grub prompt or `grub.cfg` configuration to decrypt hd0 partition table, so I can boot my system properly?

 - Is crypto.mod a proper module for doing this?
- Are there any module arguments or are there any new commands to let grub to know that (hd0) is aes-xts-plain encrypted disk with key `(hd1,2)/hostname.key` ? - I'm not sure if crypto.mod supports xts mode, couldn't find that in source. If not, are there any alternatives to make reach goal, or could you provide me information how to make make this kind of encryption on other modes?

I've seen on net a lot of info about making lvm and/or LUKS and/or having /boot uncencrypted but it just doesn't fit my goal. Everyone is making use of grub-install which doesn't help me at all since I find manual configuration less error prone (yes, I'm sure about that). That's why I would prefer tips about setting everything manually.

Mariusz Gliwiński

reply via email to

[Prev in Thread] Current Thread [Next in Thread]