From: Andrei Borzenkov <arvidjaar@gmail.com>
To: "B. S." <bs27975@gmail.com>, linux-btrfs <linux-btrfs@vger.kernel.org>
Subject: Re: Pointers to mirroring partitions (w/ encryption?) help?
Date: Sun, 5 Jun 2016 00:14:53 +0300
Message-ID: <575344CD.4070900@gmail.com>
In-Reply-To: <5753105A.1030404@gmail.com>

04.06.2016 20:31, B. S. wrote:
>>>
>>> Yeah, when it comes to FDE, you either have to make your peace with
>>> trusting the manufacturer, or you can't. If you are going to boot
>>> your system with a traditional boot loader, an unencrypted partition
>>> is mandatory.
>>
>> No, it is not with grub2 that supports LUKS (and geli in *BSD world). Of
>> course initial grub image must be written outside of encrypted area and
>> readable by firmware.
>
> Good to know. Do you have a link to a how to on such?
>
As long as you use grub-install and grub-mkconfig this "just works" in
the sense that they both detect the encrypted container and add the
necessary drivers and other steps to access it. The only manual setup is
to add

    GRUB_ENABLE_CRYPTODISK=y

to /etc/default/grub.

You will need to enter the LUKS password twice - once in GRUB, once in
the kernel (there is no interface for passing a passphrase from the
bootloader to the Linux kernel). Some suggest including the passphrase in
the initrd (on the assumption that it is encrypted anyway already); there
are patches to support use of an external keyfile in grub as well.
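
Added example (not part of the original message): a check that the setting described above is actually in effect in the defaults file and that the generated grub.cfg contains the unlock step. The function names, exit codes and sample files are assumptions made for this example; cryptomount is the GRUB command that opens the container.

```shell
#!/bin/sh
# Added example, not from the thread. Paths are passed in so it can be run
# against copies; the sample files below are constructed.

# Effective GRUB_ENABLE_CRYPTODISK value: the defaults file is shell syntax,
# so commented lines are ignored, the last assignment wins, quotes are dropped.
cryptodisk_setting() {
    sed -n 's/^[[:space:]]*GRUB_ENABLE_CRYPTODISK=//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*#.*$//' | tr -d "\"' \t"
}

# True if the generated grub.cfg contains a cryptomount command.
cfg_unlocks_container() {
    grep -Eq '^[[:space:]]*cryptomount[[:space:]]' "$1"
}

# 0 = consistent, 1 = setting missing, 2 = setting present but cfg lacks unlock
audit_grub_cryptodisk() {
    if [ "$(cryptodisk_setting "$1")" != y ]; then
        echo "FAIL: GRUB_ENABLE_CRYPTODISK=y is not in effect in $1"; return 1
    fi
    if ! cfg_unlocks_container "$2"; then
        echo "FAIL: $2 has no cryptomount (stale, or /boot is not encrypted)"
        return 2
    fi
    echo "OK: $1 enables cryptodisk and $2 unlocks the container"
}

# Constructed sample inputs (the UUID is a placeholder).
write_samples() {
    printf '%s\n' '#GRUB_ENABLE_CRYPTODISK=y' 'GRUB_TIMEOUT=5' > "$1/default.off"
    printf '%s\n' 'GRUB_TIMEOUT=5' 'GRUB_ENABLE_CRYPTODISK="y"  # LUKS /boot' \
        > "$1/default.on"
    printf '%s\n' 'insmod cryptodisk' 'insmod luks' \
        'cryptomount -u 00000000000000000000000000000000' > "$1/grub.cfg.new"
    printf '%s\n' 'insmod ext2' 'set root=hd0,gpt2' > "$1/grub.cfg.stale"
}

d=$(mktemp -d) && write_samples "$d"
audit_grub_cryptodisk "$d/default.off" "$d/grub.cfg.new" || true
audit_grub_cryptodisk "$d/default.on" "$d/grub.cfg.stale" || true
audit_grub_cryptodisk "$d/default.on" "$d/grub.cfg.new"
rm -rf "$d"
```

On a real system the two arguments would be /etc/default/grub and the grub.cfg written by grub-mkconfig.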