EncryptedFilesystems

Differences between revisions 2 and 3
Revision 2 as of 2007-10-29 14:27:56
Size: 3262
Editor: 12
Comment:
Revision 3 as of 2007-10-29 14:36:18
Size: 3439
Editor: 12
Comment:
Deletions are marked like this. Additions are marked like this.
Line 28: Line 28:

 * Uli the user boots a machine with a series of encrypted filesystems that are all encrypted with the same passphrase. This passphrase should need to be entered only once.

Please check the status of this specification in Launchpad before editing it. If it is Approved, contact the Assignee or another knowledgeable person before making changes.

Summary

The Gutsy Gibbon Alternate installer introduced the possiblity to configure encrypted devices (with cryptsetup/LUKS and dm-crypt) and offers a standard partman recipe ("Use entire disk with encryption"). For Hardy we want to review how we can improve this, in particular:

  • Provide support for it in ubiquity
  • Offer encryption support for autoresizing and "automatically partition free space" modes, too.
  • Consider support for key files (on USB sticks, etc) instead of/in addition to passphrases.

Release Note

This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.)

It is mandatory.

Rationale

This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified.

Use Cases

* Consider an administrator Bob, who maintains a fleet of machines that are auto-installed by means of debconf seeding. To what extent can he automate the configuration of encrypted partitions with debconf in an automated way? How much granularity will the debconf integration afford him, compared to his GUIed installer counterparts?

  • Uli the user boots a machine with a series of encrypted filesystems that are all encrypted with the same passphrase. This passphrase should need to be entered only once.

Assumptions

Design

You can have subsections that better describe specific parts of the issue.

Implementation

This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like:

UI Changes

Should cover changes required to the UI, or specific UI that is required to implement this

Code Changes

Code changes should include an overview of what needs to change, and in some cases even the specific details.

Migration

Include:

  • data migration, if any
  • redirects from old URLs to new ones, if any
  • how users will be pointed to the new way of doing things, if necessary.

Test/Demo Plan

It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during CD testing, and to show off after release.

This need not be added or completed until the specification is nearing beta.

Outstanding Issues

This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved.

BoF agenda and discussion

Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected.

CategorySpec

EncryptedFilesystems (last edited 2008-08-06 16:38:23 by localhost)