9front - general discussion about 9front
From: petter9@bissa.eu
To: 9front@9front.org
Subject: Re: [9front] Booting with encrypted partitions
Date: Wed, 13 Nov 2019 00:51:24 +0100
Message-ID: <e221f099-df4c-d2f7-fa0b-f0b4770e072f@bissa.eu>
In-Reply-To: <2072D5F64C86C326359F41C953C1B7E6@felloff.net>

Glad to see some interest! Just to be clear. My goal here was primarily 
just to hack together something that scratches my itch, today.


Thanks for pointing out the flaw with the empty test.  I actually had it 
there before, but it got lost retyping it after reinstalling.  (Yes, my 
process sucks.)


Ori: I did consider briefly to make it work automatically for different 
setups.

Some quick thoughts that put me off:
* What if new crypto programs are introduced. Which one to use.
* What if someone has multiple plan9 installations on the same disk 
and/or several disks.
* Different filesystems may need different partitions decrypted. 
Maintain a list? Update with new filesystems.
* Different filesystems and multiple installations.
* Should one decrypt before or after partition is selected.

Felt a bit like a Pandora's box to me.  (Could very well be I'm making 
problems that aren't actually here obviously.  I don't know.)

Having the user specify the decryption command themselves is the 
simplest and cleanest solution I could think of, random unverified 
concerns considered.  Not saying having it in plan9.ini like that is the 
right way to do it.  (But hey, step 1: get something that works;))


Cinap: Regarding having this in the main loop.  The scenario I had in 
mind there was the user aborting the password input (DEL) to type in 
some other partition in bootargs (multi-boot/usb).  And if that fails, 
just start all over again.


I'd be happy to help and experiment the next few days before I set this 
computer to work.  I'll try moving it around.


initcmd?


--
Petter

--
For the record.

diff -r 8f9f3ee2eacf sys/src/9/boot/bootrc
--- a/sys/src/9/boot/bootrc	Mon Nov 11 13:35:47 2019 -0800
+++ b/sys/src/9/boot/bootrc	Tue Nov 12 13:10:09 2019 +0100
@@ -65,6 +65,11 @@
  mt=()
  
  fn main{
+	if(! ~ $#decryptfs 0) {
+		echo $decryptfs
+		eval $decryptfs
+	}
+
  	mp=()
  	while(~ $#mp 0){
  		if(~ $#nobootprompt 0){
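
Review bot: the result of `eval $decryptfs` is never checked in the block added at the top of `fn main`, so a failed or aborted decryption falls straight through to `mp=()` and the `while(~ $#mp 0)` loop without any message. Consider testing the status and printing a diagnostic, for example `if(! eval $decryptfs) echo decryptfs failed`, so a later mount failure on the root partition can be traced back to its cause. The block also deserves a short comment stating that `decryptfs` is evaluated verbatim as an rc command line, since whatever plan9.ini supplies in that variable runs in the boot environment before any filesystem is mounted.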



---plan9.ini---
decryptfs=disk/cryptsetup -i /dev/sdE0/fsworm /dev/sdE0/fscache /dev/sdE0/other
nobootprompt=local!/dev/fs/fscache
mouseport=ps2
monitor=x200
vgasize=1280x800x32
user=p














