From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WSAYY6VDiv9B for ; Wed, 9 Nov 2011 19:42:07 +0100 (CET) Received: from mail-yx0-f171.google.com (mail-yx0-f171.google.com [209.85.213.171]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Wed, 9 Nov 2011 19:42:07 +0100 (CET) Received: by yenl6 with SMTP id l6so1471135yen.30 for ; Wed, 09 Nov 2011 10:42:05 -0800 (PST) MIME-Version: 1.0 From: Marcos Barbosa Date: Wed, 9 Nov 2011 16:41:44 -0200 Message-ID: Content-Type: multipart/alternative; boundary=000e0cd4c640fac84404b151a457 Subject: [dm-crypt] LiveUSB encrypted. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --000e0cd4c640fac84404b151a457 Content-Type: text/plain; charset=ISO-8859-1 How i create a Ubuntu liveUSB inside a USB stick? The trick: The casper files is inside a encrypted partition with LUKS. any ideas? -- Marcos Barbosa --000e0cd4c640fac84404b151a457 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable How i create a Ubuntu liveUSB inside a USB stick?

The trick: The casper= files is inside a encrypted partition with LUKS.

= any ideas?

--
Marcos Barbosa <marcosestevesbarbosa= @gmail.com>

--000e0cd4c640fac84404b151a457-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P7_byoXiCL0i for ; Wed, 9 Nov 2011 21:34:47 +0100 (CET) Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3]) by mail.saout.de (Postfix) with ESMTP for ; Wed, 9 Nov 2011 21:34:47 +0100 (CET) Received: from gatewagner.dyndns.org (84-74-163-71.dclient.hispeed.ch [84.74.163.71]) by v4.tansi.org (Postfix) with ESMTPA id 14C201404001 for ; Wed, 9 Nov 2011 21:34:46 +0100 (CET) Date: Wed, 9 Nov 2011 21:34:45 +0100 From: Arno Wagner Message-ID: <20111109203445.GA4797@tansi.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] LiveUSB encrypted. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de You don't. What you do instead is use an encrypted data partition, which may be supported by some Ubuntu tool. The problem is that the kernel and an initrd have to reside outside of the encrypted space. There is no way around that. As a consequence, an attacker can already modify those two and get complete control. If you are worried about this, use some form of physical protection. Weak protection comes from using write-once media like a CD-R. Stronger comes from using an encrypted memory-stick with keypad. (Beware, there are secure and insecure ones on the market.) You can also ware the stick around your neck. Arno On Wed, Nov 09, 2011 at 04:41:44PM -0200, Marcos Barbosa wrote: > How i create a Ubuntu liveUSB inside a USB stick? > The trick: The casper files is inside a encrypted partition with LUKS. > > any ideas? > > -- > Marcos Barbosa > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tx48qymcJqkt for ; Wed, 9 Nov 2011 22:26:58 +0100 (CET) Received: from mail-yw0-f50.google.com (mail-yw0-f50.google.com [209.85.213.50]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Wed, 9 Nov 2011 22:26:57 +0100 (CET) Received: by ywp18 with SMTP id 18so1068589ywp.37 for ; Wed, 09 Nov 2011 13:26:56 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <20111109203445.GA4797@tansi.org> References: <20111109203445.GA4797@tansi.org> From: Marcos Barbosa Date: Wed, 9 Nov 2011 19:26:26 -0200 Message-ID: Content-Type: multipart/alternative; boundary=000e0cd34f6afcde6c04b153f180 Subject: Re: [dm-crypt] LiveUSB encrypted. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --000e0cd34f6afcde6c04b153f180 Content-Type: text/plain; charset=ISO-8859-1 Hello Arno, I can survive if kernel and initrd stay in a separated partition. May be i create a script to generate hash and sign them. If I use a separated partition, what is the next logical step? 2011/11/9 Arno Wagner > You don't. What you do instead is use an encrypted > data partition, which may be supported by some > Ubuntu tool. > > The problem is that the kernel and an initrd have to > reside outside of the encrypted space. There is no > way around that. As a consequence, an attacker can > already modify those two and get complete control. > > If you are worried about this, use some form of > physical protection. Weak protection comes from using > write-once media like a CD-R. Stronger comes from > using an encrypted memory-stick with keypad. (Beware, > there are secure and insecure ones on the market.) > You can also ware the stick around your neck. > > Arno > > On Wed, Nov 09, 2011 at 04:41:44PM -0200, Marcos Barbosa wrote: > > How i create a Ubuntu liveUSB inside a USB stick? > > The trick: The casper files is inside a encrypted partition with LUKS. > > > > any ideas? > > > > -- > > Marcos Barbosa > > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: > arno@wagner.name > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 > 338F > ---- > Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans > > If it's in the news, don't worry about it. The very definition of > "news" is "something that hardly ever happens." -- Bruce Schneier > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Marcos Barbosa --000e0cd34f6afcde6c04b153f180 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Hello Arno,

I can survive if kernel and initrd stay in a= separated partition. May be i create a script to generate hash and sign th= em. If I use a separated partition, what is the next logical step?

2011/11/9 Arno Wagner <arno@wagner.name>
You don't. What you do instead is use an encrypted
data partition, which may be supported by some
Ubuntu tool.

The problem is that the kernel and an initrd have to
reside outside of the encrypted space. There is no
way around that. As a consequence, an attacker can
already modify those two and get complete control.

If you are worried about this, use some form of
physical protection. Weak protection comes from using
write-once media like a CD-R. Stronger comes from
using an encrypted memory-stick with keypad. (Beware,
there are secure and insecure ones on the market.)
You can also ware the stick around your neck.

Arno

On Wed, Nov 09, 2011 at 04:41:44PM -0200, Marcos Barbosa wrote:
> How i create a Ubuntu liveUSB inside a USB stick?
> The trick: The casper files is inside a encrypted partition with LUKS.=
>
> any ideas?
>
> --
> Marcos Barbosa <m= arcosestevesbarbosa@gmail.com>

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: =A0ID: 1E25338F =A0FP: 0C30 5782 9D93 F785 E79C =A00296 797F 6B50 1E= 25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. =A0The very definition o= f
"news" is "something that hardly ever happens." -- Bruc= e Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt

-- Marcos Barbosa <marcosestevesbarbosa@gmail.com>

--000e0cd34f6afcde6c04b153f180-- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gnF8wAmVQPMH for ; Thu, 10 Nov 2011 11:30:29 +0100 (CET) Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3]) by mail.saout.de (Postfix) with ESMTP for ; Thu, 10 Nov 2011 11:30:28 +0100 (CET) Received: from gatewagner.dyndns.org (84-74-163-71.dclient.hispeed.ch [84.74.163.71]) by v4.tansi.org (Postfix) with ESMTPA id 6398C1404001 for ; Thu, 10 Nov 2011 11:30:28 +0100 (CET) Date: Thu, 10 Nov 2011 11:30:27 +0100 From: Arno Wagner Message-ID: <20111110103027.GA16231@tansi.org> References: <20111109203445.GA4797@tansi.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] LiveUSB encrypted. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de Hi Marcos, I actually do not know in detail. Basically you need a bootloader to load kernel and initrd, and the initrd then needs to decrypt the encrypted root partition and mount it as such. Personally I do not use initrd in my own installations. For encrypted data on USB, an encrypted user area is quite enough for me. (I use knoppix, it offers to create one when booted from USB stick the first time). There are some people on the list, that have worked on something like you want. Maybe search the archves and ask them directly. Arno On Wed, Nov 09, 2011 at 07:26:26PM -0200, Marcos Barbosa wrote: > Hello Arno, > > I can survive if kernel and initrd stay in a separated partition. May be i > create a script to generate hash and sign them. If I use a separated > partition, what is the next logical step? > > 2011/11/9 Arno Wagner > > > You don't. What you do instead is use an encrypted > > data partition, which may be supported by some > > Ubuntu tool. > > > > The problem is that the kernel and an initrd have to > > reside outside of the encrypted space. There is no > > way around that. As a consequence, an attacker can > > already modify those two and get complete control. > > > > If you are worried about this, use some form of > > physical protection. Weak protection comes from using > > write-once media like a CD-R. Stronger comes from > > using an encrypted memory-stick with keypad. (Beware, > > there are secure and insecure ones on the market.) > > You can also ware the stick around your neck. > > > > Arno > > > > On Wed, Nov 09, 2011 at 04:41:44PM -0200, Marcos Barbosa wrote: > > > How i create a Ubuntu liveUSB inside a USB stick? > > > The trick: The casper files is inside a encrypted partition with LUKS. > > > > > > any ideas? > > > > > > -- > > > Marcos Barbosa > > > > > _______________________________________________ > > > dm-crypt mailing list > > > dm-crypt@saout.de > > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > -- > > Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: > > arno@wagner.name > > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 > > 338F > > ---- > > Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans > > > > If it's in the news, don't worry about it. The very definition of > > "news" is "something that hardly ever happens." -- Bruce Schneier > > _______________________________________________ > > dm-crypt mailing list > > dm-crypt@saout.de > > http://www.saout.de/mailman/listinfo/dm-crypt > > > > > > -- > Marcos Barbosa > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8HeMdIiJlpaF for ; Thu, 10 Nov 2011 12:00:41 +0100 (CET) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mail.saout.de (Postfix) with ESMTP for ; Thu, 10 Nov 2011 12:00:40 +0100 (CET) Received: from int-mx02.intmail.prod.int.phx2.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id pAAB0dbe029206 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 10 Nov 2011 06:00:39 -0500 Received: from [10.34.30.35] (tawny.brq.redhat.com [10.34.30.35]) by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id pAAB0bu8018746 for ; Thu, 10 Nov 2011 06:00:38 -0500 Message-ID: <4EBBAED4.1060308@redhat.com> Date: Thu, 10 Nov 2011 12:00:36 +0100 From: Milan Broz MIME-Version: 1.0 References: <20111109203445.GA4797@tansi.org> <20111110103027.GA16231@tansi.org> In-Reply-To: <20111110103027.GA16231@tansi.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] LiveUSB encrypted. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 11/10/2011 11:30 AM, Arno Wagner wrote: > I actually do not know in detail. Basically you need a > bootloader to load kernel and initrd, and the initrd then needs > to decrypt the encrypted root partition and mount it as such. grub2 boor loader should be able to decrypt full LUKS mapping without initramfs. Milan From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ho0BNl5Bp3wG for ; Thu, 10 Nov 2011 12:44:05 +0100 (CET) Received: from v4.tansi.org (ns.km33513-03.keymachine.de [87.118.94.3]) by mail.saout.de (Postfix) with ESMTP for ; Thu, 10 Nov 2011 12:44:04 +0100 (CET) Received: from gatewagner.dyndns.org (84-74-163-71.dclient.hispeed.ch [84.74.163.71]) by v4.tansi.org (Postfix) with ESMTPA id B83A11404001 for ; Thu, 10 Nov 2011 12:44:04 +0100 (CET) Date: Thu, 10 Nov 2011 12:44:04 +0100 From: Arno Wagner Message-ID: <20111110114403.GA17114@tansi.org> References: <20111109203445.GA4797@tansi.org> <20111110103027.GA16231@tansi.org> <4EBBAED4.1060308@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4EBBAED4.1060308@redhat.com> Subject: Re: [dm-crypt] LiveUSB encrypted. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de That would be nice. And a reason to switch bootloaders. Arno On Thu, Nov 10, 2011 at 12:00:36PM +0100, Milan Broz wrote: > On 11/10/2011 11:30 AM, Arno Wagner wrote: > > I actually do not know in detail. Basically you need a > > bootloader to load kernel and initrd, and the initrd then needs > > to decrypt the encrypted root partition and mount it as such. > > grub2 boor loader should be able to decrypt full LUKS mapping without initramfs. > > Milan > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yJrsXuSdv4vs for ; Thu, 10 Nov 2011 14:37:18 +0100 (CET) Received: from mail.oldum.net (cable-84-43-136-96.mnet.bg [84.43.136.96]) by mail.saout.de (Postfix) with ESMTP for ; Thu, 10 Nov 2011 14:37:17 +0100 (CET) Received: from [192.168.0.172] (unknown [213.91.163.5]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: hijacker@services.oldum.net) by mail.oldum.net (Postfix) with ESMTPSA id F3A47454AF for ; Thu, 10 Nov 2011 15:27:32 +0200 (EET) Message-ID: <4EBBD144.9020900@oldum.net> Date: Thu, 10 Nov 2011 15:27:32 +0200 From: Nikolay Kichukov MIME-Version: 1.0 References: <20111109203445.GA4797@tansi.org> <20111110103027.GA16231@tansi.org> <4EBBAED4.1060308@redhat.com> <20111110114403.GA17114@tansi.org> In-Reply-To: <20111110114403.GA17114@tansi.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] LiveUSB encrypted. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It SHOULD. When I have attempted to make it boot I failed. The module was in beta development back then, maybe this have changed now. Cheers, - -Nik On 11/10/2011 01:44 PM, Arno Wagner wrote: > That would be nice. And a reason to switch bootloaders. > > Arno > > On Thu, Nov 10, 2011 at 12:00:36PM +0100, Milan Broz wrote: >> On 11/10/2011 11:30 AM, Arno Wagner wrote: >>> I actually do not know in detail. Basically you need a >>> bootloader to load kernel and initrd, and the initrd then needs >>> to decrypt the encrypted root partition and mount it as such. >> >> grub2 boor loader should be able to decrypt full LUKS mapping without initramfs. >> >> Milan >> _______________________________________________ >> dm-crypt mailing list >> dm-crypt@saout.de >> http://www.saout.de/mailman/listinfo/dm-crypt >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOu9FEAAoJEDFLYVOGGjgXf5QH/A+gPnSg0YFi/ankNoaE4uln DxHM+EnV9jwWq41tCDwjnWY9RbZRFs3Ac4azzJD8lW1/SNsMNQ1xV5ZWExUBlbYs 6xGyccG001bILiEfMcB3AOs4F7MaKLMSIbuyR+wcIcyLdU4/fvAmAK/OxdnO/zf7 KJjK/Ha0c5QRQ28AcOKBvOozRb8Ed6axB3ugpHGFYYVd1oo55PBfk/kgZlVJ8qk4 hb1Feoo0BdhgeVxK2DBAAo49dDMDv+V5t75GYQtGAtDeHxfLDz87lqvMx0hYT8We M3IjoQvvcz9KhuV5G4n3R8oneXARbXX+3zlFq35rnWlG9ncTxr4ELxZBCWIlnX0= =Hx2j -----END PGP SIGNATURE----- From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WeSk_hwqdH6D for ; Thu, 10 Nov 2011 15:32:50 +0100 (CET) Received: from mail-yw0-f50.google.com (mail-yw0-f50.google.com [209.85.213.50]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Thu, 10 Nov 2011 15:32:50 +0100 (CET) Received: by ywm13 with SMTP id 13so369798ywm.37 for ; Thu, 10 Nov 2011 06:32:48 -0800 (PST) MIME-Version: 1.0 In-Reply-To: <4EBBD144.9020900@oldum.net> References: <20111109203445.GA4797@tansi.org> <20111110103027.GA16231@tansi.org> <4EBBAED4.1060308@redhat.com> <20111110114403.GA17114@tansi.org> <4EBBD144.9020900@oldum.net> From: Marcos Barbosa Date: Thu, 10 Nov 2011 12:32:27 -0200 Message-ID: Content-Type: multipart/alternative; boundary=000e0cd3725659a72604b16247c9 Subject: Re: [dm-crypt] LiveUSB encrypted. List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de --000e0cd3725659a72604b16247c9 Content-Type: text/plain; charset=ISO-8859-1 Thanks guys. Any details about the use of GRUB2 to decrypt? parameters, etc. or a link to documentation? 2011/11/10 Nikolay Kichukov > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > It SHOULD. > > When I have attempted to make it boot I failed. The module was in beta > development back then, maybe this have changed now. > > Cheers, > - -Nik > > On 11/10/2011 01:44 PM, Arno Wagner wrote: > > That would be nice. And a reason to switch bootloaders. > > > > Arno > > > > On Thu, Nov 10, 2011 at 12:00:36PM +0100, Milan Broz wrote: > >> On 11/10/2011 11:30 AM, Arno Wagner wrote: > >>> I actually do not know in detail. Basically you need a > >>> bootloader to load kernel and initrd, and the initrd then needs > >>> to decrypt the encrypted root partition and mount it as such. > >> > >> grub2 boor loader should be able to decrypt full LUKS mapping without > initramfs. > >> > >> Milan > >> _______________________________________________ > >> dm-crypt mailing list > >> dm-crypt@saout.de > >> http://www.saout.de/mailman/listinfo/dm-crypt > >> > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJOu9FEAAoJEDFLYVOGGjgXf5QH/A+gPnSg0YFi/ankNoaE4uln > DxHM+EnV9jwWq41tCDwjnWY9RbZRFs3Ac4azzJD8lW1/SNsMNQ1xV5ZWExUBlbYs > 6xGyccG001bILiEfMcB3AOs4F7MaKLMSIbuyR+wcIcyLdU4/fvAmAK/OxdnO/zf7 > KJjK/Ha0c5QRQ28AcOKBvOozRb8Ed6axB3ugpHGFYYVd1oo55PBfk/kgZlVJ8qk4 > hb1Feoo0BdhgeVxK2DBAAo49dDMDv+V5t75GYQtGAtDeHxfLDz87lqvMx0hYT8We > M3IjoQvvcz9KhuV5G4n3R8oneXARbXX+3zlFq35rnWlG9ncTxr4ELxZBCWIlnX0= > =Hx2j > -----END PGP SIGNATURE----- > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Marcos Barbosa --000e0cd3725659a72604b16247c9 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Thanks guys.

Any details about the use of GRUB2 to decry= pt?

parameters, etc. or a link to documentation?

2011/11/10 Nikolay Kichukov <hijacker@oldum.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It SHOULD.

When I have attempted to make it boot I failed. The module was in beta deve= lopment back then, maybe this have changed now.

Cheers,
- -Nik

On 11/10/2011 01:44 PM, Arno Wagner wrote:
> That would be nice. And a reason to switch bootloaders.
>
> Arno
>
> On Thu, Nov 10, 2011 at 12:00:36PM +0100, Milan Broz wrote:
>> On 11/10/2011 11:30 AM, Arno Wagner wrote:
>>> I actually do not know in detail. Basically you need a
>>> bootloader to load kernel and initrd, and the initrd then need= s
>>> to decrypt the encrypted root partition and mount it as such.<= br> >>
>> grub2 boor loader should be able to decrypt full LUKS mapping with= out initramfs.
>>
>> Milan
>> _______________________________________________
>> dm-crypt mailing list
>> dm-crypt@saout.de
>> http://www.saout.de/mailman/listinfo/dm-crypt
>>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOu9FEAAoJEDFLYVOGGjgXf5QH/A+gPnSg0YFi/ankNoaE4uln
DxHM+EnV9jwWq41tCDwjnWY9RbZRFs3Ac4azzJD8lW1/SNsMNQ1xV5ZWExUBlbYs
6xGyccG001bILiEfMcB3AOs4F7MaKLMSIbuyR+wcIcyLdU4/fvAmAK/OxdnO/zf7
KJjK/Ha0c5QRQ28AcOKBvOozRb8Ed6axB3ugpHGFYYVd1oo55PBfk/kgZlVJ8qk4
hb1Feoo0BdhgeVxK2DBAAo49dDMDv+V5t75GYQtGAtDeHxfLDz87lqvMx0hYT8We
M3IjoQvvcz9KhuV5G4n3R8oneXARbXX+3zlFq35rnWlG9ncTxr4ELxZBCWIlnX0=3D
=3DHx2j
-----END PGP SIGNATURE-----

___________________________________= ____________
dm-crypt mailing list
dm-crypt@saout.de
http://www.saout.de/mailman/listinfo/dm-crypt

--
= Marcos Barbosa <marcosestevesbarbosa@gmail.com>

--000e0cd3725659a72604b16247c9--