From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SAODaIJ6g5KO for ; Tue, 19 Nov 2013 05:56:23 +0100 (CET) Received: from mail-ea0-x234.google.com (mail-ea0-x234.google.com [IPv6:2a00:1450:4013:c01::234]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Tue, 19 Nov 2013 05:56:23 +0100 (CET) Received: by mail-ea0-f180.google.com with SMTP id f15so1109849eak.11 for ; Mon, 18 Nov 2013 20:56:22 -0800 (PST) Message-ID: <528AEF73.8040201@gmail.com> Date: Tue, 19 Nov 2013 05:56:19 +0100 From: Milan Broz MIME-Version: 1.0 References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Integrate cryptsetup in bootloader List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Trinh Van Thanh Cc: dm-crypt@saout.de On 11/19/2013 03:20 AM, Trinh Van Thanh wrote: > Hi all, > > Unencrypted boot partition is not safe for some special requirements. > So I want to increase the secure level for full disk encryption using > dm-crypt. Can I integrate cryptsetup in bootloader (example GRUB2) or > is there any other solutions? FYI GRUB2 has some LUKS support already integrated, you can try it... It is reimplementation, just some code was copied from cryptsetup. See e.g. Gentoo wiki http://wiki.gentoo.org/wiki/GRUB2#Booting_from_LUKS_Physical_Volume But I think not many people using it, initramfs with boot partition is most common. Milan