Skip to content

Add support to generate encrypted images

Tallero Tallero requested to merge tallero/archiso:crypto into master

Solves #156 (closed), # #181 (closed), #171 (closed) (partially).

# New values in
airootfs_image_type:     ext4+squashfs+luks
keys_image_type:         same values as above
keys_image_tool_options: same as airootfs_image_tool_options
buildmode:               keys  # when enabled produces the iso/image
                               # for the aforementioned dongle
encryption_key:          <file>

New +luks airootfs image types are added to handle LUKS encrypted rootfs.

One between a key, a plain password or an activation dongle image is returned together with the main ISO if an encrypted image type is selected.

Encryption type is handled by the encryption_key variable.

When set to a file, it will use it for encryption.

When set to auto, it will encrypt the disk with a newly generated key.

When unset, the user is prompted to insert a plain-text password.

A new keys buildmode is added which builds an <iso_label>_KEYS ISO which automatically unlocks the system when physically attached to the computer.

A new variable for crypto kernel parameters has been added to bootloaders' configurations.

When encryption is enabled, public package list is (should be? do we want a ) removed from the ISO.

Depends on

Currently superseeded by


Edited by Tallero Tallero

Merge request reports