cce59eea28
So far setting the luks= attribute on a live image build had no impact to the generated ISO image. This commit adds the encryption capability also for live ISO images. The read-only part of the rootfs gets encrypted using the provided luks passphrase. An eventual persistent storage area gets encrypted at boot time if the rd.live.encrypt kernel cmdline parameters is passed. encryption/decryption requires to interactively set/provide passhphrase information at boot time. Please note due to the read-only restrictions of an ISO image there is no way to apply the standard re-encryption process as it is usually performed by kiwi encrypted systems. As such the specified luks passphrase in the kiwi image descriptions becomes sensitive information that needs to be protected |
||
|---|---|---|
| .. | ||
| customize_the_boot_process.rst | ||
| packages.rst | ||
| profiles.rst | ||
| repository_setup.rst | ||
| runtime_configuration.rst | ||
| shell_scripts.rst | ||
| systemdeps.rst | ||
| users.rst | ||