Hello team,
the second tech preview for Calamares 2.3 is out now. I call it alpha2, so
like 2.3-alpha1, expect dragons.
Changes since last week include:
* support for full-disk autoinstall with LUKS on EFI;
* fixed regression with zram devices appearing in the devices list even though
they shouldn't;
* fixed breakage with non-LUKS installs;
* added support for closing crypto devices in ClearMountsJob;
* new luksopenswaphookcfg module for early swap decryption in the initramfs;
* support for encrypted swap in initcpiocfg and luksbootkeyfile modules.
The latter two are the major bit of work: this means that swap devices are now
decrypted early on, which allows the system to resume from hibernation
(suspend to disk) even with an encrypted swap.
The feature requires adding the luksopenswaphookcfg module to settings.conf,
before luksbootkeyfile and initcpiocfg but after unpackfs.
The new luksopenswaphookcfg module also requires a new dependency:
mkinitcpio-openswap [1]. The latter is a simple hook for distros that use
mkinitcpio, its only job being to read the keyfile and cryptsetup open the swap
partition so it can be picked up by the resume parameter on the kernel line.
I realize that it's potentially inconvenient to depend on a bit of software
that only lives in AUR and isn't packaged, but I'm confident that this is the
most reliable and secure way currently at our disposal that supports both
permanently encrypted swap and resuming from hibernation, and all of that
without prompting for a passphrase multiple times.
I believe it shouldn't be very difficult to port this hook (or reimplement it)
in other initramfs frameworks. If you need help, feel free to ping me in
#calamares. Further information on this decryption technique can be found at
[2].
[1] https://aur.archlinux.org/packages/mkinitcpio-openswap/
[2] https://wiki.archlinux.org/index.php/Dm-crypt/Swap_encryption#mkinitcpio_hook
Tarball:
https://calamares.io/downloads/calamares-2.3-alpha2.tar.gz
SHA1: 0a77bcf03c397aa4e6b87a985d59d4386369a969
MD5: 5c60aadc9d128c712330da862a80d480
Cheers,
--
Teo Mrnjavac
http://teom.org |
t...@kde.org
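
Added example, not part of the original message or of Calamares itself: a small check that the exec phase of a settings.conf places luksopenswaphookcfg after unpackfs and before luksbootkeyfile and initcpiocfg, as the announcement requires. The sample file and the "sequence:" / "- exec:" layout it parses are assumptions constructed for illustration.

```python
import re

HOOK = "luksopenswaphookcfg"
MUST_FOLLOW = "unpackfs"                           # hook goes after this
MUST_PRECEDE = ("luksbootkeyfile", "initcpiocfg")  # hook goes before these

# Constructed sample (assumed layout), not a shipped settings.conf.
SAMPLE = """\
modules-search: [ local ]
sequence:
- show:
  - partition
- exec:
  - partition
  - mount
  - unpackfs        # target root exists from here on
  - luksopenswaphookcfg
  - luksbootkeyfile
  - initcpiocfg
  - bootloader
"""

def exec_modules(text):
    """Return the module names listed under the exec phases, in order."""
    modules, in_sequence, phase = [], False, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()        # drop trailing comments
        if re.match(r"[A-Za-z][\w-]*\s*:", line):   # a top-level key
            in_sequence, phase = line.startswith("sequence:"), None
            continue
        phase_m = re.match(r"\s*-\s*(show|exec)\s*:$", line)
        if phase_m:
            phase = phase_m.group(1)
            continue
        mod_m = re.match(r"\s*-\s*([\w@.-]+)$", line)
        if in_sequence and phase == "exec" and mod_m:
            modules.append(mod_m.group(1))
    return modules

def check_order(text):
    """Return a list of ordering problems; an empty list means it is fine."""
    mods = exec_modules(text)
    if HOOK not in mods:
        return [f"{HOOK} is not in the exec sequence"]
    before = mods[:mods.index(HOOK)]
    problems = [] if MUST_FOLLOW in before else [f"{HOOK} must come after {MUST_FOLLOW}"]
    problems += [f"{HOOK} must come before {m}" for m in MUST_PRECEDE if m in before]
    return problems

if __name__ == "__main__":
    print(check_order(SAMPLE) or "ordering OK")
```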