Embed dmcrypt keyfile into Linux kernel?
by finalturismo from LinuxQuestions.org on (#58VMQ)
Ok guys so i have a software project iam trying to protect against beta testers.
I have encrypted the drive with luks and iam using the key files to decrypt the system at start. The problem is the key file must be on an unencrypted device for auto boot to work. anyone could take this key file to chroot into the system...
So i was thinking how can i get the key file to be protected and still be used to unlock the system at start.
The only thing i can think of is to include the key file into the kernel before the kernel is compiled.
Or somehow make it so it cannot be extracted from initramfs?
I have encrypted the drive with luks and iam using the key files to decrypt the system at start. The problem is the key file must be on an unencrypted device for auto boot to work. anyone could take this key file to chroot into the system...
So i was thinking how can i get the key file to be protected and still be used to unlock the system at start.
The only thing i can think of is to include the key file into the kernel before the kernel is compiled.
Or somehow make it so it cannot be extracted from initramfs?