
Issue 773590

Starred by 2 users

Issue metadata

Status: Started
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 3
Type: Feature

Blocked on:
issue 797141

Blocking:
issue 691646
issue 761911
issue 721552
issue 800138




investigate replacing dm-crypt overlay for /var with directory encryption

Project Member Reported by gwendal@chromium.org, Oct 11 2017

Issue description

Instead of having dm-crypt over a file-backed loopback device, use directory encryption.
We would avoid the over-provisioning issue and simplify the whole stack
[currently https://docs.google.com/drawings/d/1oAa_N5VFHrXmzo0hTBGogvdbQqYQ5dlfgJfoIJW5GEM/edit]

to 
https://docs.google.com/a/google.com/drawings/d/1GkbaPfvyP5ccZq43CMlrIwnT05e4PhiUwmfNtWZIOdg/edit?usp=sharing

As we did for home ext4 crypto, the same key used by dm-crypt can be reused for these directories.

Migration - if any - would happen at boot time.

[Sonny's idea]
 

Comment 1 by vapier@chromium.org, Oct 11 2017

Components: Security
if we're all-in on ext4 encryption, then this sounds fine.  migration will be easier too because it's a system key we don't have to wait for user input ...
I'm all for simplifying the system.
Blocking: 761911
Blocking: 721552
Blocking: 800138
Blocking: 691646
Owner: sarthakkukreti@chromium.org
Status: Started (was: Untriaged)
Blockedon: 797141
