Closed: donmor closed this 5 months ago
So what's the usecase for this passphrase_file stuff?
I know the existing unlock tool isn't working reliably and we need to do something about that, but I need to hear more about how this is being used to know if this is what we want to do.
We can use an encrypted bcachefs partition as root (by putting a key file, as well as an fstab with this option, in the initrd; tested with dracut).
I'm also looking for this option to automatically decrypt external hard drives on my home server; otherwise some workaround is needed, like https://oz123.github.io/writings/2024-03-25-Decrypting-bcachefs-volumes-at-boot/index.html
The home server itself is also encrypted, so the key files for the external files are only readable and used at runtime.
I think stratis has 2 options for unattended decryption:
1. Network Bound Drive Encryption (NBDE), which requires a Tang server
2. Bind the storage to the Trusted Platform Module (TPM 2.0)
I don't know much about these 2 options and what pros/cons they have or ultimately how secure they are.
Are you only concerned with someone taking an external drive and not the entire server and external drives? I think it might be helpful for you to elaborate on what your goals are. I'm having a hard time understanding the value of encrypting your data when the key is sitting in the initrd, etc.
My understanding of the threat model for (2) is:
Given those, the major difference between TPM and requiring a passphrase to unlock is that TPM exposes you to physical attacks against the running machine (intercepting the bus between the TPM and CPU, moving RAM to a second machine while preserving state via LN cooling, etc.).
¹: No init=/bin/sh!
cmd_mount.rs is renamed, causing conflicts.
Based on #241.
Add passphrase_file to mount options. Can be specified in -o or /etc/fstab, making it possible to mount encrypted bcachefs partitions as root. Kept -f, --passphrase-file for compatibility. Also include a patch to bcachefs.8.