Sunday 25 August 2013

Installer's cryptsetup script - location and extending

I'd like to extend the installer's cryptsetup script to allow for:

1. Execution of a pre-cryptsetup script, if it exists, placed conveniently in the root of the installation medium.
2. User specification of parameters.

The official installers do not allow this. While we can work around this manually, that is a laborious chore for every install of every release.

Where is the installer's cryptsetup script located?

We need this because:

1. Fresh systems lack sufficient, trustworthy entropy - virtual machines even more so.
2. There are valid reasons for cipher changes from default (or just a reassuring re-specification). Setting aside some of the pointless changes and baseless paranoia we see on the forums, there is one major reason to do this: AES-128 is faster (with and without AES-NI) and sufficient to keep the data private, but certain people are contractually bound to use AES-256 FDE on all systems used in furtherance of certain contracts. Some of them are bound to FIPS compliance, others to a list of bullet points lifted from the spec.
3. Custom specification of the identity and the hardness parameters of the KDF is useful. The installer tries to strike a balance, but this balance is not appropriate in all situations.
4. Better support of the currently laborious task of setting up two-factor key derivation from a password and key file.
5. As a matter of principle, critical security settings should not be hidden and hard to modify. That doesn't mean that the default installer should make it easy for unknowledgeable people to break things, or that we must spend time letting every parameter be tweaked, but it does require at least some documented exposure intended for modification.

The pre-cryptsetup script allows the user to solve the problems associated with entropy and two-factor keying but without having to modify the installation tree for each image. A post-cryptsetup script along the same lines would also be useful.

Parameter specification is fairly straightforward. We need a script which sets a few variables and optionally allows the substitution of a custom command.
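To make the two requests concrete, here is an added example (not the installer's own code, and not from the original post) of the shape such a wrapper could take: a parameter file that overrides a handful of shell variables, pre- and post-cryptsetup hooks looked up in a directory of the caller's choosing, a sanity check on the parameters, and a builder that assembles the `cryptsetup luksFormat` command line from them. The variable names (`CRYPT_*`), the file names `cryptsetup.params`, `pre-cryptsetup` and `post-cryptsetup`, and the defaults are assumptions chosen for the example; the `cryptsetup` flags used (`--cipher`, `--key-size`, `--hash`, `--iter-time`, `--use-random`, `--key-file`) are the long-standing LUKS1 options. Note the XTS gotcha that matters for the AES-256 contractual case above: with `aes-xts-plain64` the key is split between two AES keys, so AES-256 requires `--key-size 512`, and a `--key-size 256` default is actually AES-128.

```shell
#!/bin/sh
# Added example: parameter file + hook runner around cryptsetup luksFormat.
# Not the installer's script; names, paths and defaults are assumptions.

# Defaults. With XTS, key size 256 = AES-128 and 512 = AES-256.
CRYPT_CIPHER="${CRYPT_CIPHER:-aes-xts-plain64}"
CRYPT_KEY_SIZE="${CRYPT_KEY_SIZE:-256}"
CRYPT_HASH="${CRYPT_HASH:-sha256}"
CRYPT_ITER_TIME="${CRYPT_ITER_TIME:-2000}"   # PBKDF2 benchmark target, ms
CRYPT_KEY_FILE="${CRYPT_KEY_FILE:-}"         # optional second factor
CRYPT_USE_RANDOM="${CRYPT_USE_RANDOM:-1}"    # block on /dev/random for the master key

# Source user overrides from a parameter file if it is readable.
load_params() {
  params="$1"
  [ -r "$params" ] && . "$params"
  return 0
}

# Reject combinations that cryptsetup would accept but the policy would not.
validate_params() {
  case "$CRYPT_ITER_TIME" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$CRYPT_ITER_TIME" -gt 0 ] || return 1
  case "$CRYPT_CIPHER" in
    *-xts-*)
      # XTS needs two AES keys: 256 (AES-128) or 512 (AES-256).
      case "$CRYPT_KEY_SIZE" in 256|512) ;; *) return 1 ;; esac ;;
    *)
      case "$CRYPT_KEY_SIZE" in 128|192|256) ;; *) return 1 ;; esac ;;
  esac
  # A key file must exist if two-factor keying was requested.
  if [ -n "$CRYPT_KEY_FILE" ] && [ ! -r "$CRYPT_KEY_FILE" ]; then
    return 1
  fi
  return 0
}

# Run "$hookdir/$name $device" if present and executable; its failure aborts.
run_hook() {
  hook="$1/$2"
  if [ -x "$hook" ]; then
    "$hook" "$3" || return 1
  fi
  return 0
}

# Assemble the luksFormat command line from the variables; prints, does not run.
build_luks_format_cmd() {
  dev="$1"
  set -- cryptsetup luksFormat \
    --cipher "$CRYPT_CIPHER" --key-size "$CRYPT_KEY_SIZE" \
    --hash "$CRYPT_HASH" --iter-time "$CRYPT_ITER_TIME"
  [ "$CRYPT_USE_RANDOM" = 1 ] && set -- "$@" --use-random
  [ -n "$CRYPT_KEY_FILE" ] && set -- "$@" --key-file "$CRYPT_KEY_FILE"
  set -- "$@" "$dev"
  printf '%s\n' "$*"
}

# Orchestrate: params -> pre hook -> luksFormat -> post hook.
# DRY_RUN=1 prints the command instead of executing it.
format_device() {
  dev="$1"; hookdir="$2"
  load_params "$hookdir/cryptsetup.params"
  validate_params || { echo "invalid cryptsetup parameters" >&2; return 1; }
  run_hook "$hookdir" pre-cryptsetup "$dev" || return 1
  cmd=$(build_luks_format_cmd "$dev")
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$cmd"
  else
    # Word-splitting is intended here; values contain no spaces by construction.
    $cmd || return 1
  fi
  run_hook "$hookdir" post-cryptsetup "$dev" || return 1
}
```

A pre-cryptsetup hook is where the entropy problem gets addressed on the user's terms (for example, feeding a key file brought on the medium into `/dev/random` via `rngd` or `cat`, or waiting on an external source), and where the key file for two-factor derivation is generated or located; the post hook is the place for tasks such as adding the second key slot. Running `DRY_RUN=1 format_device /dev/sdX2 /media/install` shows exactly what would be executed without touching the disk, which is also the easiest way to audit what a parameter file changes.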

How might I get started on this?