Encrypted /boot

To: debian-boot@lists.debian.org
Subject: Encrypted /boot
From: autosend@riseup.net
Date: Mon, 17 Dec 2018 13:55:18 +0000
Message-id: <[🔎] 20181217135518.nsylyphgg4ldbtio@localhost.0.0.1>

I have managed to find a way to trick the Debian installer into encrypting the
/boot partition, so that only the MBR GRUB portion of the hard drive is
unencrypted.
This means the password must be input twice at boot, but on the plus side, the
Linux kernel lives in /boot, so the system is better protected.

Are you interested in how I did this? I have a full step-by-step guide which I
have tried to minimize as much as possible.
I was hoping it could be engineered into a guided installation option.

Note: it only involved one reboot back into the installer environment.

Also, I did it with GPT, which is also something that D-I should support,
especially when it comes to encrypted disks (GPT stores a couple backups of the
partition table).

Reply to:

Follow-Ups:
- Re: Encrypted /boot
  - From: Cyril Brulebois <kibi@debian.org>

Prev by Date: Re: [console-setup] udebs declared as Multi-Arch: foreign
Next by Date: Re: Bug#906016: transition: gjs built with mozjs60
Previous by thread: Re: [debian-installer] Call to update translations for Buster
Next by thread: Re: Encrypted /boot
Index(es):
- Date
- Thread