| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 04.09.2012 15:48, "Roland Häder" wrote: |
| 5 |
> I think I made a (tollerateable) mistake: |
| 6 |
> |
| 7 |
> My hard drive has two partitions: - sda1 - encrypted swap - sda2 - |
| 8 |
> encrypted root |
| 9 |
> |
| 10 |
> How should it boot? One way could be by external media (e.g. |
| 11 |
> stick), other is from hard drive. But that is encrypted. So I must |
| 12 |
> leave a small area left for kernel, initrd, System.map and maybe |
| 13 |
> config. |
| 14 |
> |
| 15 |
> So the page at [1] is a little wrong because it misses the boot |
| 16 |
> partition, so the new layout should be: - sda1 - unencrypted boot |
| 17 |
> (/boot) partition - sda2 - encrypted swap (at least as double as |
| 18 |
> your RAM) (crypt-swap) - sda3 - encrypted root (crypt-root) |
| 19 |
> |
| 20 |
> Can someone update this? |
| 21 |
> |
| 22 |
> Regards, Roland |
| 23 |
> |
| 24 |
> [1]: http://wiki.gentoo.org/wiki/DM-Crypt |
| 25 |
> |
| 26 |
|
| 27 |
In theory grub2 is able to open a luks-encrypted volume though it |
| 28 |
seems to have some disadvantages: you'll need to enter the passphrase |
| 29 |
(or pass the keyfile) two times, because grub itself needs to decrypt |
| 30 |
the volume to get the later stages from the encrypted volume and |
| 31 |
afterwards the decryption in the bootprocess itself takes place. |
| 32 |
|
| 33 |
I can't give any real advice about it though, because I use an |
| 34 |
unencrypted boot partition. Depending on your needs it could be an |
| 35 |
increase of security, because you can stop an attacker from injecting |
| 36 |
malicious code into your kernel (or replace it completely). |
| 37 |
|
| 38 |
WKR |
| 39 |
Hinnerk |
| 40 |
-----BEGIN PGP SIGNATURE----- |
| 41 |
Version: GnuPG v2.0.19 (GNU/Linux) |
| 42 |
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ |
| 43 |
|
| 44 |
iQEcBAEBAgAGBQJQRjxMAAoJEJwwOFaNFkYcWfcIAJvh9CxmlPeWTlJ8qMMb24tf |
| 45 |
8tCVPo7FjnELrOqHwccqRceC1/1kIfjfYy0BowbRBOAV49WEIt3WWZhySVcS5PzH |
| 46 |
mh30OVZZ1Gb94QjwUSoKb+4FfULpM8oVp3kpaxf11Ls7SlJgRkW4hiSNmEWGt/2Q |
| 47 |
RRgTQpkFp7W6b1sWnbnKY491iCsL657G90UK7lKe3qe15u7V0E8bY2XvzJrPSf4E |
| 48 |
K3V0mpHunLWDMbr0lfoezbeOEuqSfRdUlgQWw3Q4iCKBxFX5hh9ac5T8cne4xUJ7 |
| 49 |
OKp6HAYE3sl8othQ+ngMNVyu/vX6j0dCtZHgPtAZEDU1pjE33rjiaLXm15aCVbU= |
| 50 |
=AG8l |
| 51 |
-----END PGP SIGNATURE----- |
Archives