Message-ID: <4E536F5E.7020003@gmail.com>
Date: Tue, 23 Aug 2011 11:14:06 +0200
From: Olivier Sessink
To: dm-crypt@saout.de
Subject: [dm-crypt] unlocking dm-crypt from grub - kernel in crypted volume

Hi all,

There seems to be some support for dm-crypt in grub, such that you can store the kernel in the encrypted volume, and only have grub unencrypted. This makes the attack vector a lot smaller; however, it is unclear to me if there is any development on this subject. For example, passing the password in a safe way from grub to the kernel might be useful to make such a solution acceptable for end users.

Is there news on this development?

Olivier