Message-ID: <4DB57557.1060202@gmail.com>
Date: Mon, 25 Apr 2011 15:21:27 +0200
From: Vladimir 'φ-coder/phcoder' Serbinenko
To: The development of GNU GRUB
Subject: [RFT] LUKS and GELI (was Re: Luks inclusion)
References: <4DAEEFA8.2080805@gmail.com> <239CEBDEE83EB949A48B6DB812AA19F602F8246E@ex2.zuv.uni-muenchen.de> <4DB2017D.7080209@gmail.com>
In-Reply-To: <4DB2017D.7080209@gmail.com>

Hello all. I've added both LUKS and GELI (except version-0, big-endian
volumes, keyfiles and HMAC) to my luks branch.
> I've cleaned the patch (took a lot of time), not because I believe it's
> a useful feature but since it has become an often requested one.
> The branch is available at
> http://bzr.savannah.gnu.org/r/grub/branches/luks/ .
> You need to set GRUB_LUKS_ENABLE=y. Beware that:
It was renamed to GRUB_CRYPTODISK_ENABLE=y
> a) Crypto in GRUB is much less performant than in kernel due to
> unavailability of many accelerated instructions. So prepare for key
> recovery taking considerable time or decrease key strengthening.
> b) You'll need to enter passphrase twice. Once for GRUB, once for OS.
> c) Encrypting doesn't guarantee integrity. Your /boot can be tampered
> with even if it's encrypted and GRUB has no way of finding it out.
> Encryption is about secrecy and /boot doesn't contain anything secret.
> d) core is unencrypted (since BIOS has no encryption support)
> e) core needs a much bigger embedding zone
> f) no writing to luks as of now.
> But even regardless of all that criticism which puts this as
> low-priority, I'm fed up with feature requests and since unless it's
> activated manually LUKS in GRUB doesn't kick in, I've done the cleanup.
> Now you do the tests and report the results back
>

-- 
Regards
Vladimir 'φ-coder/phcoder' Serbinenko
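
Added example, not part of the original message and not GRUB code: point (a) ties unlock time to key strengthening, which in a LUKS1 volume is the PBKDF2 iteration count stored per key slot in the header. The parser below follows the LUKS1 on-disk layout; the sample header, its iteration counts and the ascending slot order are assumptions constructed for illustration.

```python
import struct

# LUKS1 on-disk header (big-endian): 208-byte fixed part, then 8 key slots of 48 bytes.
HEADER = struct.Struct(">6sH32s32s32sII20s32sI40s")
KEYSLOT = struct.Struct(">II32sII")
LUKS_MAGIC = b"LUKS\xba\xbe"
KEY_ENABLED, KEY_DISABLED = 0x00AC71F3, 0x0000DEAD

def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1(blob):
    """Return cipher settings and PBKDF2 iteration counts from a LUKS1 header."""
    if len(blob) < HEADER.size + 8 * KEYSLOT.size:
        raise ValueError("truncated LUKS1 header")
    (magic, version, cipher, mode, hash_spec, _payload, key_bytes,
     _digest, _salt, mk_iter, _uuid) = HEADER.unpack_from(blob)
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    slots = {}
    for i in range(8):
        state, iters, _s, _off, _stripes = KEYSLOT.unpack_from(
            blob, HEADER.size + i * KEYSLOT.size)
        if state == KEY_ENABLED:
            slots[i] = iters
    return {"cipher": f"{_text(cipher)}-{_text(mode)}", "hash": _text(hash_spec),
            "key_bytes": key_bytes, "mk_digest_iter": mk_iter, "slots": slots}

def pbkdf2_rounds_to_unlock(info, slot):
    """PBKDF2 rounds spent before `slot` opens (assumes slots tried in order)."""
    if slot not in info["slots"]:
        raise KeyError(f"slot {slot} is not active")
    # Every attempted slot costs its own iterations plus the master-key digest check.
    return sum(n + info["mk_digest_iter"]
               for i, n in sorted(info["slots"].items()) if i <= slot)

def constructed_header():
    """Constructed sample, not from a real volume: slots 0 and 3 active."""
    fixed = HEADER.pack(LUKS_MAGIC, 1, b"aes", b"cbc-essiv:sha256", b"sha1",
                        4096, 32, bytes(20), bytes(32), 25000, b"constructed-sample")
    iters = {0: 200000, 3: 350000}
    slots = b"".join(
        KEYSLOT.pack(KEY_ENABLED if i in iters else KEY_DISABLED,
                     iters.get(i, 0), bytes(32), 8 + i * 256, 4000)
        for i in range(8))
    return fixed + slots
```

Dividing the returned round count by the PBKDF2 rate measured in the boot environment gives the wait per passphrase attempt; on a real volume the first 592 bytes of the LUKS partition are the input.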