Make build process and resulting images capable of storing secrets. (!16) · Merge requests · Arch Linux / Mkinitcpio / mkinitcpio

Kristian Klausen requested to merge github/fork/bkus-goog/secure-secrets into master Feb 12, 2020

Created by: bkus-goog

When storing secrets (eg: crypttab keyfiles) in initramfs, ensure the secrets are protected during the build process, and in the resulting initramfs images. This works best when initramfs is also stored on an encrypted or otherwise secured filesystem. Access by root is not a problem since "dmsetup table --showkeys" will show the keys to root anyway.

Admin message

Make build process and resulting images capable of storing secrets.

Merge request reports