From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Integrate cryptsetup in bootloader
Date: Tue, 19 Nov 2013 03:52:46 +0100
Message-ID: <20131119025246.GA8171@tansi.org>
In-Reply-To: <CAHRe4pM3p3DooaTQXmAJz+GeJ9VPRFjeTXrusMrtef4SBzsAnw@mail.gmail.com>
Hi,

this topic crops up from time to time. First, doing this yourself
is hard, hard enough that if you have to ask how to do it, you
will find it severely challenging.

That said, it has been done by several distros that can be installed
with "full root encryption". (Full disk encryption is not doable with
cryptsetup. That would need BIOS support.) Best get one of the
distros that do it. They usually just pack cryptsetup and its
libraries into the initrd and write some scripts around it.

One example I use on a laptop is Linux Mint, which will just show
you a box to enter your encryption password before booting any further.
I expect Debian and Ubuntu can do something similar.

Best recommendation if you want to do something like this yourself
is to analyze the initrd of a distro that has it working and go from
there.

Arno

On Tue, Nov 19, 2013 at 03:20:43 CET, Trinh Van Thanh wrote:
> Hi all,
>
> Unencrypted boot partition is not safe for some special requirements. So I
> want to increase the secure level for full disk encryption using dm-crypt.
> Can I integrate cryptsetup in bootloader (example GRUB2) or is there any
> other solutions?
>
> Thanks in advance,
>
> --
> Trinh Van Thanh
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare