On Thu, 25 May 2017 08:34:10 +0200,
"J. Roeleveld" <joost@××××××××.org> wrote:

> It is possible. I have it set up like that on my laptop.
> Apart from a small /boot partition. The whole drive is encrypted.
> Decryption keys are stored encrypted in the initramfs, which is
> embedded in the kernel.

And the kernel is on /boot which is unencrypted, so are your encryption
keys. This is not much better, I guess...

> On May 25, 2017 12:40:12 AM GMT+02:00, Rich Freeman
> <rich0@g.o> wrote:
> >On Wed, May 24, 2017 at 2:16 PM, Andrew Savchenko
> ><bircoph@g.o> wrote:
> >>
> >> Apparently it is pointless to encrypt swap if unencrypted
> >> hibernation image is used, because all memory is accessible through
> >> that image (and even if it is deleted later, it can be restored
> >> from hdd and in some cases from ssd).
> >>
> >
> >Yeah, that was my main concern with an approach like that. I imagine
> >you could use a non-random key and enter it on each boot and restore
> >from the encrypted swap, though I haven't actually used hibernation
> >on linux so I'd have to look into how to make that work. I imagine
> >with an initramfs it should be possible.


--
Regards,
Kai

Replies to list-only preferred.