Re: Unlock LUKS with login/password
Jeremy Stanley <firstname.lastname@example.org> writes:
> Disk encryption is great (when properly implemented) to protect
> sensitive information on your machine from prying eyes if it gets
> stolen, but unless you're putting sensitive data in /boot why go to the
> added trouble of encrypting it?
I think this is the key point: you should not be putting sensitive data in
/boot, and this is generally always avoidable (and architecturally better
to put it elsewhere).
I have put sensitive data in /boot in the past because reasons, so it's
not strictly true there is *never* a benefit, but I agree that this wasn't
a great architecture and there were better ways to do it.
Russ Allbery (email@example.com) <https://www.eyrie.org/~eagle/>