1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
IMPORTANT:
This code is still pre-beta and has not been audited for flaws that
could introduce weaknesses in the encryption. Please don't use it for
any confidential data before the beta release.
------------------------------------------------------------------------
STATUS:
See http://wiki.debian.org/DebianInstaller/PartmanCrypto
and also TODO and BUGS in the source tree
------------------------------------------------------------------------
The scripts do stuff more or less in the following order:
1. choose_method/crypto
2. active_partition/*
3. choose_partition/crypto
4. init.d/crypto
5. blockdev-keygen
6. update.d/crypto_visuals
7. finish.d/check_randomfskey, aptinstall_crypto, fstab_loop
choose_method/
crypto
Entry in the "Use as:" menu. All encryption types (loop-AES,
dm-crypt) are merged into one choice. Writes "crypto"
into $dev/$id/method and activates the below crypto options.
active_partition/*
Entries in the partition menu. Which are shown depends on crypt_type
and cipher. loop-AES shows no keysize option because it's ciphers have
fixed keysizes. The chosen values are stored in $dev/$id/<entry>
choose_partition/
crypto
"Setup encrypted volumes" in the main menu. Checks for valid cipher
options and safe swap. Creates keyfiles, erases to-be-encrypted
parititons and finally does losetup/dmsetup.
init.d/
crypto
Creates the partman cryptdisks once for each crypto partition.
update.d/
crypto_visuals
Shows "crypt" in the method column, and the name of the crypt disk as
mountpoint, so the user can see which loop/dm device is which after
they have been setup.
finish.d/
crypto_check_mountpoints
Shows a warning if user chose to create a filesystem on a crypt disk
with keytype random. User can force to continue, maybe that should
eventually be disabled. Note: random keytype can make sense for the
/tmp partition, but actually requires random/1777 keytype.
finish.d/
crypto_config
Replaces loop devices in fstab with corresponding real devices and
adds crypto mount options. This is a bit of a hack used because we
can't use get_mountoptions from partman. Crypto settings are stored
in dev/$id of cleartext partition, but everything else is stored in
the crypt_device dev/$id. We want the mount options, finish.d checks,
etc. handled by whatever feels responsible for what should be store
d on the encrypted partition, so this seems necessary.
finish.d/
crypto_aptinstall
Installs userspace tools and helper packages for encryption. This
is responsible for installing loop-aes-utils and loop-aes-rootfs (TODO)
into the target system. Similarily for dm-crypt, installs cryptsetup
etc.
blockdev-keygen
Asks for a passphrase, confirms that it has been entered correctly
and optionally tests for a minimum length. If the name for a keyfile
is specified as third argument it creates a gnupg keyfile for use
with loop-AES, otherwise it just echoes the pass to stdout.
The actual encryption keys for loop-AES keyfiles are generated from
/dev/random, so we need plenty of entropy. This script uses the
cdebconf plugin "entropy" if available. See notes at the beginning
of the script for important steps for the caller.
finish-install.d/
05crypto
Run by finish-install.d hook; Checks for loop-AES partitions,
determines target kernel version from base-installer/kernel/image
and installs a corresponding loop-aes-$KVERS package into /target.
ciphers/$crypt_type/$cipher
Lists supported ciphers for each crypt_type. The following files
exist for each cipher directory. They are used to display a short
description of the cipher for the user and to determine allowed
crypto parameters (TODO):
- desc (description)
- options (crypt_type specific)
Structure is
ciphers/$crypt_type/$cipher/<file>
mountoptions
mountoptions/crypto
Should be no longer required. Maybe resurrect once we find a cleaner
approach for setting crypto-specific mount options.
|
