From Fedora Project Wiki
 
(7 intermediate revisions by 3 users not shown)
Line 6: Line 6:


== Owner ==
== Owner ==
* Name: [Dave Lehman] / [Miloslav Trmac]
* Name: [[User:Dlehman|Dave Lehman]] / [[User:Mitr|Miloslav Trmač]]


== Current status ==
== Current status ==
* Completed in F11: 50% - cryptsetup-luks changes are in
* Completed in Fedora 13: 75%
* remaining work for this feature will land by F12 beta (~2009-07-28)
* Last update 2010-11-05
* last update July 7, 2009


== Detailed Description ==
== Detailed Description ==


Miroslav is waiting for upstream acceptance of some cryptsetup changes, to avoid filing bugs that don't have the initial step as a dependency.   
Add support for saving encryption keys (to recover access to a volume when the passphrase is forgotten, or when the user leaves a company), and for creating backup passphrases (to be disclosed to the user when the user forgets the passphrase and is on the road)See [[Key Management]] for general discussion, [[Disk encryption key escrow use cases]] for specifics.
* Add one or two very small packages ("volume_key" or "volume_key-python", perhaps "volume_key-libs") to the installation image
 
* Add two kickstart options (he will post a pykickstart patch)
Subtasks:
* Use the functionality provided by the volume_key* package to load a certificate from the network, and to store encryption keys or passphrases in a file after creating an encrypted volume. He expects the necessary code in anaconda to be < 100 lines.
* Add two or three small packages (<code>python-volume_key</code> and <code>volume_key-libs</code>, perhaps <code>python-nss</code>) to the installation image
* Add system-config-kickstart support for the new kickstart options; integrate with other planned changes to the storage configuration GUI, blocked on those.
* Add two kickstart options ([https://bugzilla.redhat.com/show_bug.cgi?id=508963 #508963]) to pykickstart.  The options specify an URL for a certificate (to use for encryption, implicitly enables key escrow) and a "create backup passphrase" flag.
* Add anaconda support: Download the specified certificates, and use the functionality provided by the *volume_key* packages and to store encryption keys or passphrases under $rootPath/root. ([https://bugzilla.redhat.com/show_bug.cgi?id=510545 #510545])
* Add system-config-kickstart support for the new kickstart options; needs to integrate with other planned changes to the storage configuration GUI, blocked on those.
* Add FirstAidKit support for recovering access to encrypted voluems using the stored encryption keys
* Add FirstAidKit support for recovering access to encrypted voluems using the stored encryption keys


Line 25: Line 26:


Enterprise customers want a means by which they can guarantee access to the data on encrypted block devices in employees' systems. This way they still have a way in if the user changes the device's keys/passphrases.
Enterprise customers want a means by which they can guarantee access to the data on encrypted block devices in employees' systems. This way they still have a way in if the user changes the device's keys/passphrases.


== Product Variants / High Level Use Cases ==
== Product Variants / High Level Use Cases ==
Line 32: Line 32:


== Hardware Architectures ==
== Hardware Architectures ==
All
All


== Testing ==
TBD but should be integrated with anaconda storage testing


== Third-Party Dependencies ==
== Third-Party Dependencies ==


Cryptsetup-luks and anaconda interdependencies
Cryptsetup-luks, volume_key, perhaps python-nss, and anaconda interdependencies


== Bugzilla Numbers ==
== Bugzilla Numbers ==


    * See Bug 458392 - [RFE] luks: add support for admin keyslot for the prereq from an anaconda POV
* See Bug 458392 - [RFE] luks: add support for admin keyslot for the prereq from an anaconda POV
    * Bug 488718 - (encrypted_LVM) Support for encrypted LVs in LVM2 & key management (tracker) for a description of work in progress
:'''Note:''' The above description does not address the "admin keyslot" requirement.  This remains an useful feature, does anybody own it?
 
* Bug 488718 - (encrypted_LVM) Support for encrypted LVs in LVM2 & key management (tracker) for a description of work in progress
 
* Bug 508960 - tracker for all key escrow work
* Bug 508963 - Add key escrow options to pykickstart
* Bug 510545 - (anaconda) RFE: encryption key escrow support
* Bug 508967 - (system-config-kickstart) RFE: encryption key escrow support
----
----


[[Category:FeatureAcceptedF12]]
[[Category:FeatureAcceptedF12]]

Latest revision as of 21:43, 5 November 2010

Anaconda Encrypted Boot IPA key Management

Summary

Provide enterprise-class key management support for encrypted devices

Owner

Current status

  • Completed in Fedora 13: 75%
  • Last update 2010-11-05

Detailed Description

Add support for saving encryption keys (to recover access to a volume when the passphrase is forgotten, or when the user leaves a company), and for creating backup passphrases (to be disclosed to the user when the user forgets the passphrase and is on the road). See Key Management for general discussion, Disk encryption key escrow use cases for specifics.

Subtasks:

  • Add two or three small packages (python-volume_key and volume_key-libs, perhaps python-nss) to the installation image
  • Add two kickstart options (#508963) to pykickstart. The options specify an URL for a certificate (to use for encryption, implicitly enables key escrow) and a "create backup passphrase" flag.
  • Add anaconda support: Download the specified certificates, and use the functionality provided by the *volume_key* packages and to store encryption keys or passphrases under $rootPath/root. (#510545)
  • Add system-config-kickstart support for the new kickstart options; needs to integrate with other planned changes to the storage configuration GUI, blocked on those.
  • Add FirstAidKit support for recovering access to encrypted voluems using the stored encryption keys

Target Audience

Enterprise customers want a means by which they can guarantee access to the data on encrypted block devices in employees' systems. This way they still have a way in if the user changes the device's keys/passphrases.

Product Variants / High Level Use Cases

Relevant to desktops/laptops particularly, but depending upon implementation may be interesting for other products as well e.g. to support encrypted databases, medical records protection.

Hardware Architectures

All

Testing

TBD but should be integrated with anaconda storage testing

Third-Party Dependencies

Cryptsetup-luks, volume_key, perhaps python-nss, and anaconda interdependencies

Bugzilla Numbers

  • See Bug 458392 - [RFE] luks: add support for admin keyslot for the prereq from an anaconda POV
Note: The above description does not address the "admin keyslot" requirement. This remains an useful feature, does anybody own it?
  • Bug 488718 - (encrypted_LVM) Support for encrypted LVs in LVM2 & key management (tracker) for a description of work in progress
  • Bug 508960 - tracker for all key escrow work
  • Bug 508963 - Add key escrow options to pykickstart
  • Bug 510545 - (anaconda) RFE: encryption key escrow support
  • Bug 508967 - (system-config-kickstart) RFE: encryption key escrow support