Skip to content

Make build process and resulting images capable of storing secrets.

Kristian Klausen requested to merge github/fork/bkus-goog/secure-secrets into master

Created by: bkus-goog

When storing secrets (eg: crypttab keyfiles) in initramfs, ensure the secrets are protected during the build process, and in the resulting initramfs images. This works best when initramfs is also stored on an encrypted or otherwise secured filesystem. Access by root is not a problem since "dmsetup table --showkeys" will show the keys to root anyway.

Merge request reports