Bottlenecks in Automated Decryption

This proposal has been rejected.


One Line Summary

Discover plumbing pain-points from automating decryption.


The Clevis project aims to provide a framework for automating decryption of data. Clevis currently supports binding LUKS volumes to its cryptographic policy, including root volumes via dracut. However, this project has not come without pain.

In this talk we will discuss the outline of automated decryption and the use-cases it solves. Special attention will be paid to the plumbing problems that we have overcome and even a few we haven’t solved yet.


  • Avatar@2x

    Nathaniel McCallum

    Red Hat, Inc.


    Nathaniel McCallum is a Principal Software Engineer at Red Hat where he develops security related technologies.

    If you’re looking for someone to blame for software projects such as FreeOTP, José, Clevis and Tang, Nathaniel is the guy. He also regularly breaks projects such as FreeIPA and MIT Kerberos with his “contributions.” Not satisfied with unleashing poor software on the world, he works on dismantling the Internet via new IETF Internet Drafts and dabbling in cryptography. Many have suffered through the talks he has given at conferences such as FOSDEM, DevConf, LISA, SCALE, Ping Identity Summit, et cetera. Outside the office, he tries to corrupt the minds of today’s youth through philosophy. His legacy of destruction is all but ensured due to his five children. Also, his wife tolerates him.