threefoldtech / zos

Autonomous operating system
https://threefold.io/host/
Apache License 2.0

storage: investigate volume encryption #347

Open muhamadazmy opened 5 years ago

maxux commented 3 years ago

This becomes a real concern now since the system is more and more used.

Here is a proposal, based on a schema already used by well-known systems (e.g. iOS).

The idea is to use two keys: one for disk encryption and one for keychain encryption.

In practice, we should have a partition encrypted with a user-key, let's call that partition keychain. This partition will contain all sensitive data (can be keys, seed, ...).

Each disk present on the system will be encrypted with a generated key, on the first run. These keys are stored on the keychain partition.

This has a couple of advantages:

In a first step, the user-key will be hardcoded, just to have the system in place quickly. In a second phase, this user-key will be fetched via a secure way we can discuss later, but at least half of the security schema will already be in place.
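The two-key layout proposed above, as an added example in Go (the language zos is written in) that is not part of this issue or of the zos code base: a 32-byte user key (hardcoded in the first phase) wraps a randomly generated per-disk key with AES-256-GCM into the keychain on the disk's first run, and later runs unwrap the stored entry; the disk ID is bound as associated data so an entry cannot be moved between disks. The `Keychain` type, the `DiskKey` method and the helpers are assumed names; the disk's data is then encrypted under the returned key with the same AEAD.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Keychain is the proposed two-tier scheme: the user key protects the keychain,
// which holds one generated key per disk. Constructed example, not zos code.
type Keychain struct {
	userKey []byte            // 32 bytes; phase one hardcoded, later fetched securely
	wrapped map[string][]byte // disk ID -> nonce || AES-256-GCM(disk key)
}

// gcm builds an AES-256-GCM AEAD for a 32-byte key.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // keys here are always 32 bytes, so a bad length is a bug
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}
// randBytes returns n CSPRNG bytes; without fresh randomness we refuse to continue.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
// DiskKey returns the key for diskID's data: generated and wrapped on the disk's first
// run, unwrapped from the keychain afterwards. The disk ID is bound as AAD, and the GCM
// tag check makes a wrong user key, a wrong disk ID or any tampering fail at Open.
func (k *Keychain) DiskKey(diskID string) ([]byte, error) {
	g := gcm(k.userKey)
	w, ok := k.wrapped[diskID]
	if !ok {
		dk := randBytes(32) // per-disk key: random, never derived from the user key
		nonce := randBytes(g.NonceSize())
		k.wrapped[diskID] = g.Seal(nonce, nonce, dk, []byte(diskID))
		return dk, nil
	}
	if len(w) < g.NonceSize() {
		return nil, errors.New("corrupt keychain entry")
	}
	return g.Open(nil, w[:g.NonceSize()], w[g.NonceSize():], []byte(diskID))
}
```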

LeeSmet commented 3 years ago

It seems that we might want to evaluate this w.r.t. #1319