cryptsetup should be in initrd #46

Closed
osresearch opened this issue Nov 1, 2016 · 2 comments

@osresearch
Collaborator

This will allow the LUKS headers to be included in the PCRs, as well as record the TPM stored keys into a LUKS key slot.

Downside: it requires an additional several MB of libraries. Can a simpler one be built?

@osresearch osresearch added this to the measuredboot milestone Nov 1, 2016
osresearch added a commit that referenced this issue Dec 28, 2016
As part of issue #1, we should build all libraries and programs that we
deploy into the Heads initrd.  This modifies the module configurations
for all of them to install into heads/install so that we can build
against them.

Add dmsetup, cryptsetup and veritysetup (issue #46).

Build gpgv 1.4 as a standalone tool (issue #23).

Modify populate-lib to use the install directory by setting
LD_LIBRARY_PATH (issue #35).
osresearch added a commit that referenced this issue Jan 4, 2017
Pass in the --host argument to all of the various programs
that need to treat the configure scripts as cross compilation
targets.

This removes all dependencies on the host libc (issue #7)
and adds some tools to the initrd (cryptsetup #46).
@osresearch
Collaborator Author

cryptsetup is now part of the musl-libc built tools and fits easily into the initrd.

@rofl0r
Contributor

rofl0r commented Jan 4, 2017

You probably already know, but if you aim for a static build in the future, then linking cryptsetup against libnettle instead of openssl/libressl shaves off almost 400KB from the binary size.
