Message-ID: <49E75C75.40706@gmail.com>
Date: Thu, 16 Apr 2009 18:27:33 +0200
From: phcoder
To: The development of GRUB 2
Subject: Re: truecrypt support in grub ?

J. Bakshi wrote:
> On Wed, 15 Apr 2009 18:25:27 +0200
> phcoder wrote:
>
>> Michael Gorven has already implemented LUKS support for grub2.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> really nice to know. But does it still require /boot partition as un-encrypted ?
>
It's already able to load kernels from an encrypted partition. For the
moment it's too big to fit in the mbr gap but in perspective it could be
squeezed enough. Then you don't need unencrypted partitions at all. For
now, if you want to do this, you need to leave some space before the
first partition. Be aware that even if such a configuration is nice, it
doesn't increase security in any way. The easiest attack is to replace
grub with a recompiled grub which additionally writes the password
somewhere on the disk.
>
>> Using
>> truecrypt with linux partitions is a bad idea - this encryption isn't
>> native to it in any way and also truecrypt is under GPL-incompatible
>> licence which means it's unlikely to be incorporated to grub (you
>> need to figure out the on-disk layout of truecrypt and then
>> reimplement it from scratch (but you can reuse ciphers from luks
>> implementation)). If all you want is boot windows installed on
>> truecrypt partition then the best way is to chainload truecrypt
>> booter. I haven't yet looked in it myself but it seems that truecrypt
>> booter uses mbr gap too which conflicts with grub. However it can be
>> worked around by dumping contents of mbr gap created by truecrypt and
>> replicating the action of tc-mbr (can't be difficult)
>
> eagerly waiting to see that grub2 support that
>
Why don't you help us with that? Install truecrypt, dump mbr and mbr
gap. Disassemble mbr and send an explanation of what it does in plain
English here.
> Thanks
>
>> J. Bakshi wrote:
>>> Hello list,
>>>
>>> GRUB2 is a robust boot loader. Is it possible to have truecrypt
>>> encryption support directly in GRUB2 ? Then we can have truecrypt
>>> encrypted partition with linux installed and GRUB2 just decrypt it
>>> and load the kernel.
>>>
>>> Thanks

-- 
Regards
Vladimir 'phcoder' Serbinenko
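
The message above refers to the MBR gap (the sectors between the MBR and the first partition) and to a boot loader being replaced on disk. As an added example, not part of the original message or of GRUB, the following Python sketch measures both regions of a raw disk image so that a later change to either is detectable against a trusted baseline. The function names, the 512-byte sector size and the sample image are assumptions made for illustration.

```python
import hashlib
import struct

SECTOR = 512  # assumed logical sector size

def partitions(sector0: bytes):
    """Return (type, first_lba, sector_count) for each used primary MBR entry."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    found = []
    for i in range(4):
        entry = sector0[446 + 16 * i:462 + 16 * i]
        first_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count != 0:
            found.append((entry[4], first_lba, count))
    return found

def measure(image: bytes):
    """Hash the MBR boot code and the gap before the first partition."""
    parts = partitions(image[:SECTOR])
    if not parts or any(ptype == 0xEE for ptype, _, _ in parts):
        raise ValueError("no DOS partitions (empty table or GPT protective MBR)")
    first = min(lba for _, lba, _ in parts)
    gap = image[SECTOR:first * SECTOR]
    if first < 1 or len(gap) != (first - 1) * SECTOR:
        raise ValueError("image does not cover the whole MBR gap")
    return {
        "gap_sectors": first - 1,
        # bytes 0..439 are boot code; 440..445 hold the disk signature
        "boot_code": hashlib.sha256(image[:440]).hexdigest(),
        "gap": hashlib.sha256(gap).hexdigest(),
    }

def changed(baseline, current):
    """Names of measured regions whose hash differs from the trusted baseline."""
    return [k for k in ("boot_code", "gap") if baseline[k] != current[k]]

def sample_image(first_lba=63):
    """Constructed test disk: one Linux (0x83) partition starting at first_lba."""
    mbr = bytearray(SECTOR)
    mbr[446 + 4] = 0x83
    struct.pack_into("<II", mbr, 446 + 8, first_lba, 2048)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes((first_lba - 1) * SECTOR)

if __name__ == "__main__":
    base = measure(sample_image())
    tampered = bytearray(sample_image())
    tampered[SECTOR * 5] ^= 0xFF  # one byte altered inside the gap
    print(base["gap_sectors"], changed(base, measure(bytes(tampered))))
```

Record the baseline and run the comparison from separate trusted boot media rather than from the system started by the loader being checked.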