= Debian Cryptsetup Sprint =

== Location, Date ==

 * when: June 16-17
 * where: Frankfurt

== Participants ==

||'''No'''||'''Name''' ||'''Email''' ||'''confirmed''' || '''Arrival date/time''' || '''Departure date/time''' || '''Travel sponsorship required''' || '''Comment''' ||
|| 1 || Guilhem Moulin || guilhem@d.o || yes || 2018-06-14 evening || 2018-06-18 morning || yes || - ||
|| 2 || Jonas Meurer || mejo@d.o || yes || 2018-06-14 evening || 2018-06-18 morning || no || - ||

== Agenda ==

(Ambitious) Tentative agenda:

 * Finish refactoring of the initramfs & init scripts
 * Bug triaging (quite a few are blocking on said refactoring)
 * luksSuspend integration ([[https://salsa.debian.org/cryptsetup-team/cryptsetup/tree/cryptoroot_suspend|pending for the rootfs]]):
  * use cryptsetup's `luksSuspend` feature to lock dm-crypt devices before suspend to RAM. The user is required to unlock the disk upon resume.
  * data in memory is not protected, but the rest of the root FS is.
 * LUKS nuke feature: https://www.kali.org/tutorials/nuke-kali-linux-luks/
 * systemd integration and future of cryptscripts
  * patch cryptsetup.c in systemd to support cryptscripts? Need input from the systemd maintainers
   * https://github.com/systemd/systemd/pull/3007#pullrequestreview-39358162
   * https://lists.freedesktop.org/archives/systemd-devel/2012-June/005693.html
 * ephemeral swap encryption:
  * it makes sense to use a random ephemeral key for volatile partitions such as /tmp or swap (when suspend-on-disk is not desired)
  * `/dev/urandom` might yield deterministic encryption keys if used early in the boot process
  * `/dev/random` blocks and drains the entropy pool
  * write a new keyscript using `getrandom(2)`? Or maybe integrate that in cryptsetup itself with a `--random-key` flag, and add a matching crypttab(5) option
 * improve QA for (semi-)automatic regression tests

== Reports ==

 * announcement: https://alioth-lists.debian.net/pipermail/pkg-cryptsetup-devel/2018-May/007577.html
 * report: https://blog.freesources.org/posts/2018/06/debian_cryptsetup_sprint_report/
 * https://twitter.com/debian/status/1011703652275273729

== Acknowledgements ==

The sprint was made possible thanks to:

 * [[http://www.debian.org/donations|donations]] to the Debian project

----
CategorySprint
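
For the ephemeral swap encryption item in the agenda above, one way a `getrandom(2)`-based keyscript could look. This is an added example, not code from the cryptsetup package or from the sprint; the function names `fill_random_key` and `write_all` and the 32-byte key size are assumptions.

```c
/* Hypothetical keyscript (added example): prints a fresh random key on stdout. */
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/random.h>
#include <sys/types.h>

#define KEY_BYTES 32  /* assumed key size (256 bits); adjust to the cipher in use */

/* Fill buf from the kernel CSPRNG. With flags=0, getrandom(2) blocks only until
 * the pool has been initialized once (the early-boot case that makes
 * /dev/urandom risky) and never afterwards, unlike /dev/random.
 * Returns 0 on success, -1 on error with errno set. */
int fill_random_key(unsigned char *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ssize_t n = getrandom(buf + off, len - off, 0);
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted while waiting: retry */
            return -1;
        }
        off += (size_t)n;                   /* large requests may return short */
    }
    return 0;
}

/* Write the whole buffer to fd, retrying on short writes and EINTR. */
int write_all(int fd, const unsigned char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;
        }
        buf += n; len -= (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char key[KEY_BYTES];
    int rc = (fill_random_key(key, sizeof key) == 0 &&
              write_all(STDOUT_FILENO, key, sizeof key) == 0) ? 0 : 1;
    if (rc) perror("random-key");
    volatile unsigned char *p = key;        /* wipe the key from the stack */
    for (size_t i = 0; i < sizeof key; i++) p[i] = 0;
    return rc;
}
```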