On 04.09.2012 15:48, "Roland Häder" wrote:
> I think I made a (tolerable) mistake:
>
> My hard drive has two partitions:
> - sda1 - encrypted swap
> - sda2 - encrypted root
>
> How should it boot? One way could be by external media (e.g.
> stick), the other is from the hard drive. But that is encrypted. So I
> must leave a small area for the kernel, initrd, System.map and maybe
> config.
>
> So the page at [1] is a little wrong because it misses the boot
> partition, so the new layout should be:
> - sda1 - unencrypted boot (/boot) partition
> - sda2 - encrypted swap (at least double your RAM) (crypt-swap)
> - sda3 - encrypted root (crypt-root)
>
> Can someone update this?
>
> Regards, Roland
>
> [1]: http://wiki.gentoo.org/wiki/DM-Crypt
|
In theory grub2 is able to open a LUKS-encrypted volume, though it
seems to have some disadvantages: you'll need to enter the passphrase
(or pass the keyfile) two times, because grub itself needs to decrypt
the volume to get the later stages from the encrypted volume, and
afterwards the decryption in the boot process itself takes place.

I can't give any real advice about it though, because I use an
unencrypted boot partition. Depending on your needs it could be an
increase of security, because you can stop an attacker from injecting
malicious code into your kernel (or replacing it completely).

WKR
Hinnerk