[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unlock LUKS with login/password

Jeremy Stanley <fungi@yuggoth.org> writes:

> Disk encryption is great (when properly implemented) to protect
> sensitive information on your machine from prying eyes if it gets
> stolen, but unless you're putting sensitive data in /boot why go to the
> added trouble of encrypting it?

I think this is the key point: you should not be putting sensitive data in
/boot, and this is generally always avoidable (and architecturally better
to put it elsewhere).

I have put sensitive data in /boot in the past because reasons, so it's
not strictly true there is *never* a benefit, but I agree that this wasn't
a great architecture and there were better ways to do it.

Russ Allbery (rra@debian.org)              <https://www.eyrie.org/~eagle/>

Reply to: