extra key files included in initrd
Jesse Norell
jesse at kci.net
Thu Jun 20 01:06:11 CEST 2019
Hello,
I was looking over the contents of an initrd today and noticed some
mandos key files present which I didn't expect, nor were needed to
boot. On that system I have the default pubkey/seckey files which are
used for unlocking the root filesystem, and a second set of keys which
are used by a backup script (which calls mandos-client to get the key
used for encrypting the backup), and also stored in /etc/keys/mandos/.
It appears the entire contents of that directory are included in the
initrd. Perhaps I missed/forgot that point in the past, but it does
seem there is room for a bit of improvement there if the scripts which
assemble mandos' initrd environment were more selective. (And the
obvious workaround for me is to store the secondary keys in a different
directory.)
Thanks,
--
Jesse Norell
Kentec Communications, Inc.
970-522-8107 - www.kci.net
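An added example, not part of the original post or of Mandos: a shell check that reads an initrd file listing (for instance from `lsinitramfs`) and reports key files in a mandos directory that are not on an allowlist. The in-image directory layout, the file names and the sample listing are constructed assumptions; compare them with your own listing.

```shell
#!/bin/sh
# Input: one path per line on stdin, e.g. `lsinitramfs /boot/initrd.img-$(uname -r)`.
# Args:  basenames of the key files that are expected to be in the initrd.
# Assumption: Mandos material sits under a directory named "mandos" in the image.
audit_initrd_keys() {
    extras=0
    while IFS= read -r path; do
        case "$path" in
            */mandos/*|mandos/*) ;;   # only look inside mandos directories
            *) continue ;;
        esac
        base=${path##*/}
        case "$base" in
            *key*) ;;                 # heuristic: treat names containing "key" as key files
            *) continue ;;
        esac
        allowed=no
        for name in "$@"; do
            if [ "$base" = "$name" ]; then allowed=yes; fi
        done
        if [ "$allowed" = no ]; then
            printf 'unexpected key file in initrd: %s\n' "$path"
            extras=$((extras + 1))
        fi
    done
    [ "$extras" -eq 0 ]               # non-zero exit status when extras were found
}

# Constructed sample listing (not taken from a real system).
sample_listing() {
    cat <<'EOF'
bin/sh
conf/conf.d/mandos/plugin-runner.conf
conf/conf.d/mandos/pubkey.txt
conf/conf.d/mandos/seckey.txt
conf/conf.d/mandos/backup-pubkey.txt
conf/conf.d/mandos/backup-seckey.txt
usr/lib/mandos/plugins.d/mandos-client
EOF
}

# Demo: only the default pair is expected, so the backup pair is reported.
sample_listing | audit_initrd_keys pubkey.txt seckey.txt \
    || echo "initrd carries extra key material"
```

Run against a real image after each initrd rebuild, the non-zero exit status makes the check usable from a cron job or a post-update hook.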