On Mar 08, Alexey Kuznetsov <kuznetsov.alexey@gmail.com> wrote: > 1) grub can ask for a login/password, then MD5 the text and unlock the LUKS Forget about this part: encrypted /boot/ is pointless from a security point of view and this complexity does not belong in the boot loader. Once you accept this then you will end up with a design very similar to https://www.freedesktop.org/wiki/Specifications/login-unlock/ . So you would need to implement having Plymouth or whatever else storing the credentials in the kernel keyring and then probably a PAM module that will make them available to the rest of the stack (notably pam_gnome_keyring). -- ciao, Marco
Attachment:
signature.asc
Description: PGP signature