DebianInstaller


Installing Debian on encrypted block devices

This page describes the development of d-i support for installing on encrypted block devices. The aim is to allow users to setup loop-AES, dm-crypt or LUKS encrypted partitions for the system and data parts of a Debian system during the installation.

Status

/!\ IMPORTANT: The code is still pre-beta and has not been audited for flaws that could introduce weaknesses in the encryption. Please don't use it for any confidential data before the beta release.

First stage

partman-crypto

general

needs upload, blocked by missing gnupg and uuencode

gnupg-udeb

loop-AES keyfiles

missing ([http://bugs.debian.org/321948 #321948])

busybox-udeb with CONFIG_UUENCODE=y

loop-AES keyfiles

missing (Bug #323436)

cdebconf-plugin-entropy

loop-AES keyfiles

needs framework for building external cdebconf plugins

loop-aes-$KVERS-di

loop-AES kernel support

in experimental (working out build problems on some archs)

Second stage

loop-aes-$KVERS

loop-AES kernel support

in experimental

See also: partman-crypto [http://svn.debian.org/wsvn/d-i/trunk/packages/partman/partman-crypto/TODO?op=file TODO]

Roadmap