
Re: Hmmm... /boot is too small. what's the best way to increase it's size?



On Mon 11 May 2020 at 10:27:48 (-0400), Celejar wrote:
> On Mon, 11 May 2020 07:36:27 -0400 Greg Wooledge <wooledg@eeg.ccf.org> wrote:
> > On Sat, May 09, 2020 at 10:05:40PM -0700, Will Mengarini wrote:
> > > * Rick Thomas <rick.thomas@pobox.com> [20-05/09=Sa 20:05 -0700]:
> > > > [...] died for lack of space in /boot [...]
> > > 
> > > Long ago I stopped bothering with a separate /boot, and behold, I yet
> > > live.  ISTR the Debian installer doesn't default to creating one either.
> > 
> > Unless you're doing some kind(s) of disk encryption.  Which apparently is
> > a thing that some laptop users go for in a major way.
> 
> And some desktop / server users. I'd rather not have to worry about the
> sensitive data on my disks when I decommission them / they fail.

I'm surprised that more people aren't concerned about theft, and also
their increasing obligations under confidentiality/privacy rules/laws.

> > As a non-laptop person, my understanding is that, at least with some
> > implementations of disk encryption, you need an UN-encrypted /boot to
> > get the whole thing started.  After that, the root file system and any
> > other local file systems can be encrypted, and the code from /boot will
> > be able to prompt you for the passphrase or whatever.
> 
> Yes. FDE including boot is doable, but it takes more work (and isn't
> necessarily worth it, depending on the threat model - see above):

I don't encrypt root because it's far too useful to be able to remotely
boot up. To keep things simple, I set up my laptops similarly, except
that unlocking is earlier, in the boot sequence rather than after the
system is fully up.

> https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html

I notice that this page (of 09 Jun 2019) mentions a typical /boot
partition of 256MB, and laments not being able to reclaim the space
if /boot is merged into the root filesystem.

Cheers,
David.

