ecryptfs-devel team mailing list archive

Thread
Date

Re: [PATCH v2 0/4] new dracut modules

To: Roberto Sassu <roberto.sassu@xxxxxxxxx>
From: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
Date: Thu, 07 Jul 2011 10:42:11 -0400
Cc: initramfs@xxxxxxxxxxxxxxx, harald.hoyer@xxxxxxxxx, kirkland@xxxxxxxxxxxxx, safford@xxxxxxxxxxxxxx, ecryptfs-devel@xxxxxxxxxxxxxxxxxxx, ramunno@xxxxxxxxx
In-reply-to: <201107071614.39627.roberto.sassu@polito.it>

On Thu, 2011-07-07 at 16:14 +0200, Roberto Sassu wrote:
> On Thursday, July 07, 2011 03:53:22 PM Mimi Zohar wrote:
> > On Tue, 2011-07-05 at 18:23 +0200, Roberto Sassu wrote:
> > > Hi all
> > > 
> > > this patch set introduces three new modules (masterkey, integrity and
> > > ecryptfs) and allows to mount the securityfs filesystem from the initial
> > > ramdisk.
> > > 
> > > These patches are based upon the first version sent by Mimi Zohar, which
> > > can be retrieved at the address:
> > > 
> > > http://article.gmane.org/gmane.linux.kernel.initramfs/1910
> > > 
> > > Roberto Sassu 
> > 
> > Nice!  Thanks Roberto for updating the modules. They're look really
> > good.
> > 
> > One really minor issue is that although the user can override the
> > default masterkey blob filename, using a boot command line option, the
> > default filename is kernel version specific.  Until the tools are
> > available to create and seal keys to a set of PCRs, as we discussed,
> > perhaps there should be an additional filename default, without the
> > kernel version appended, as well.
> > 
> 
> Hi Mimi
> 
> thanks.
> I think we can solve this issue by adding a new option, called
> 'MULTIKERNELMODE', which can be used to decide if the kernel
> version should be added to the default masterkey filename or
> not. By default, we can set its value to 'NO'.
> 
> Roberto Sassu

Sounds good.

thanks,

Mimi

References

Re: [PATCH v2 0/4] new dracut modules
From: Mimi Zohar, 2011-07-07