The keys are in kernelspace, IIRC, and thus updated/passed on initrd/initramfs updates and kernel updates.
Corey W Sheldon Freelance IT Consultant, Multi-Discipline Tutor 310.909.7672 www.facebook.com/1stclassmobileshine
On Sat, Sep 13, 2014 at 7:01 PM, Ian Pilcher arequipeno@gmail.com wrote:
On 09/13/2014 03:59 AM, Fred New wrote:
One step up from this would be something like a kpatch process in rpm combined with packaged metadata that replaces in-memory modules so that reboots wouldn't be necessary. Yeh, probably impossible.
This has almost certainly already been considered by people smarter than me, but it occurs to me that there's no reason that kexec couldn't somehow pass LUKS/dm-crypt keys to the new kernel.
--
Ian Pilcher arequipeno@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------