[elbe-devel] How to create an encrypted rootfs image using Elbe?
Lukasz Walewski
lwalewski at s-can.at
Tue Jul 4 08:05:26 CEST 2017
Hi,
I think my question was too general, so I narrow the scope here. We are planning to use the cryptsetup package to encrypt the RFS generated with elbe. One way to do that is to mount the RFS as a loop device and manipulate it using cryptsetup. Since mounting a loop device and manipulating it requires root privileges we would like to encapsulate those tasks. The elbe initvm provides a perfect, secure environment for such tasks and we are using it anyway so there would be no additional cost in setting things up.
My question is whether it is possible to execute commands within initvm *after* the RFS has been generated? - I mean something similar to <finetuning> commands but executed after the RFS generation.
To reveal my attitude: I am looking for a clean solution that encapsulates code running with root privileges, which could be safely integrated in an automated build system.
I would be grateful for your ideas/suggestions.
Best regards,
Lukasz
>-----Ursprüngliche Nachricht-----
>Von: elbe-devel [mailto:elbe-devel-bounces at linutronix.de] Im Auftrag von
>Lukasz Walewski
>Gesendet: Montag, 3. Juli 2017 10:20
>An: ElbeDevel_at_Linuxtronix
>Betreff: [elbe-devel] How to create an encrypted rootfs image using
>Elbe?
>
>Hi,
>
>I need to create an encrypted image of my rootfs. How should I approach
>that with Elbe?
>
>Best regards,
>Lukasz
>
>
>----------------------------------------
>
>scan Messtechnik GmbH
>Brigittagasse 22-24
>A-1200 Wien/Vienna
>tel. +43 1 219 73 93 - 0
>fax +43 1 219 73 93 - 12
>http://www.s-can.at
>office at s-can.at
>
>Geschaeftsfuehrer/President: DI Andreas Weingartner
>Firmenbuchnummer/Incorporation No: FN178880i
>Gerichtsstand/Court of Jurisdiction: Wien/Vienna
>
>----------------------------------------
>
>s::can - intelligent, optical, online
>
>i::scan - compact, precise and affordable!
>UV254::NTU::FTU::TOC::DOC::COD::BOD::Colour ...and many more to come!
>http://www.i-scan.at
>----------------------------------------
>"YES WE SCAN !"
>
>_______________________________________________
>elbe-devel mailing list
>elbe-devel at linutronix.de
>https://lists.linutronix.de/mailman/listinfo/elbe-devel
----------------------------------------
scan Messtechnik GmbH
Brigittagasse 22-24
A-1200 Wien/Vienna
tel. +43 1 219 73 93 - 0
fax +43 1 219 73 93 - 12
http://www.s-can.at
office at s-can.at
Geschaeftsfuehrer/President: DI Andreas Weingartner
Firmenbuchnummer/Incorporation No: FN178880i
Gerichtsstand/Court of Jurisdiction: Wien/Vienna
----------------------------------------
s::can - intelligent, optical, online
i::scan - compact, precise and affordable!
UV254::NTU::FTU::TOC::DOC::COD::BOD::Colour ...and many more to come!
http://www.i-scan.at
----------------------------------------
"YES WE SCAN !"
More information about the elbe-devel
mailing list