# Storing luks passphrase in a variable during early boot

## bernhardd

Hi,

I have two luks partitions for root and swap with the same passphrase. Is it unsafe to read the passphrase into a variable and pipe it to cryptsetup in the initramfs init script:

```
#!/bin/busybox sh

KMAP="binary keymap file"                       # placeholder: keymap under /etc for loadkmap
CRYPT_ROOT_UUID="uuid of the root partition"    # placeholder
CRYPT_SWAP_UUID="uuid of the swap partition"    # placeholder

mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev

loadkmap < "/etc/$KMAP"

# read the passphrase once, without echoing it to the console
read -s PASSP

# unlock both volumes with the same passphrase, fed to cryptsetup on stdin
echo "$PASSP" | /sbin/cryptsetup luksOpen "$(findfs UUID=$CRYPT_ROOT_UUID)" root
echo "$PASSP" | /sbin/cryptsetup luksOpen "$(findfs UUID=$CRYPT_SWAP_UUID)" swap

# tell the kernel where to resume from (major:minor of the swap mapping)
SWAP_MAJ=$(stat -c 0x%t /dev/mapper/swap)
SWAP_MIN=$(stat -c 0x%T /dev/mapper/swap)
echo $((SWAP_MAJ)):$((SWAP_MIN)) > /sys/power/resume

mount -o ro /dev/mapper/root /mnt/root

umount /proc
umount /sys
umount /dev

exec switch_root /mnt/root /sbin/init
```

What happens to PASSP after the switch to real root?

----------

## cach0rr0

it should not be unsafe to do this

a keyfile stored in memory is a keyfile stored in memory, whether it's before or after you switch_root

doing this doesn't open you up to any *new* attacks, but there still exists the possibility of men in black suits taking something really cold to your memory sticks, dumping them, and analyzing the dump for your cleartext key at their leisure

protecting against that requires something like TRESOR, but I'm not terribly convinced I trust TRESOR yet.

----------

## bernhardd

Thanks for your help cach0rr0. If I get you right the passphrase will stay in memory after early boot, but won't be accessible through PASSP from inside the booted OS. Nor will it find its way into the OS by logging or something like that.

----------

## cach0rr0

*bernhardd wrote:*

> Thanks for your help cach0rr0. If I get you right the passphrase will stay in memory after early boot, but won't be accessible through PASSP from inside the booted OS. Nor will it find its way into the OS by logging or something like that.

if you were to pass the variable ${PASSP} to /sbin/init in your switch_root statement, it would be available/visible to the OS

otherwise, it will not. 

again though, it doesn't make a ton of difference as far as the recoverability of the key goes. 

the key is still going to be cleartext in memory, whether it's the initramfs storing it as a variable, or the OS storing it in memory after switch_root

so in either case, if someone can read your memory, they can read your key.
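As an added example (not code from the thread), this script shows the exec boundary cach0rr0 describes: a plain shell variable like PASSP is not inherited by the program started with `exec switch_root ... /sbin/init`, while an exported variable or a command line argument is. It uses a constructed dummy passphrase and a child `sh` standing in for init; no cryptsetup call or LUKS device is involved.

```shell
#!/bin/sh
# Added example, not code from the thread. A plain shell variable such as PASSP
# is private to the initramfs shell and is not inherited by the program that
# "exec switch_root ... /sbin/init" starts; an exported variable or a command
# line argument is, and is then readable via /proc/1/environ or /proc/1/cmdline.
# The passphrase below is a constructed dummy; no cryptsetup or LUKS device
# is involved, and a child sh stands in for init.

DUMMY_PASSP='constructed-dummy-passphrase'

# Start a child program and print everything it can observe from its parent:
# its environment and its argument vector.
child_env_dump() {
    sh -c 'env; echo "argv: $*"' init "$@"
}

# Hand the secret to the child the given way and report whether it got it.
# Runs in a subshell so no assignment or export leaks back into the caller.
#   plain  : PASSP=...          (what the thread's init script does)
#   export : export PASSP=...
#   argv   : appended to the init command line
# Prints "exposed" or "hidden".
child_sees_secret() (
    case "$1" in
        plain)  PASSP="$DUMMY_PASSP";        out=$(child_env_dump) ;;
        export) export PASSP="$DUMMY_PASSP"; out=$(child_env_dump) ;;
        argv)   PASSP="$DUMMY_PASSP";        out=$(child_env_dump "$PASSP") ;;
        *)      echo "usage: child_sees_secret plain|export|argv" >&2; exit 2 ;;
    esac
    case "$out" in
        *"$DUMMY_PASSP"*) echo exposed ;;
        *)                echo hidden ;;
    esac
)

# After both luksOpen calls the shell no longer needs the passphrase. unset
# removes the variable (prints "gone"), but it does not zero the shell's heap,
# and the kernel keeps the derived volume key in RAM anyway; that is the memory
# dump exposure cach0rr0 describes, which a shell script cannot remove.
scrub_passp() (
    PASSP="$DUMMY_PASSP"
    unset PASSP
    [ -z "${PASSP+set}" ] && echo gone || echo present
)

for mode in plain export argv; do
    printf '%-6s -> %s\n' "$mode" "$(child_sees_secret "$mode")"
done
echo "after unset -> $(scrub_passp)"
```

Checking `/proc/1/environ` and `/proc/1/cmdline` on the booted system is the practical test of whether the real init inherited anything.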

----------

## bernhardd

Thanks.

----------

