Re: system drive encryption question

To: Rick Thomas <rbthomas@pobox.com>, FHDATA <fhdata@unm.edu>
Cc: debian-user List Debian <debian-user@lists.debian.org>
Subject: Re: system drive encryption question
From: Nathanael Schweers <Nathanael.Schweers@outdooractive.com>
Date: Thu, 6 Apr 2017 11:10:31 +0000
Message-id: <[🔎] 87efx5zt99.fsf@outdooractive.com>
In-reply-to: <[🔎] 3EAB29A5-73DE-463D-A69B-F45F8A8401FC@pobox.com>
References: <[🔎] alpine.LRH.2.20.1704051730260.8400@triton.unm.edu> <[🔎] 3EAB29A5-73DE-463D-A69B-F45F8A8401FC@pobox.com>

Rick Thomas <rbthomas@pobox.com> writes:
> I used to do this.  It worked very well before Jessie came along.
>
> You need an un-encrypted /boot partition to hold the kernel and
> initrd, of course…

This is not true, although I also thought it to be the case.

Grub2 can handle LUKS, so it is possible to encrypt the whole disk.

I recently stumbled across a post where the procedure is explained using
archlinux as an example.  I’m not sure whether debian includes a version
of Grub which can also do so, but in principle an unencrypted /boot
partition is not needed.

This is the post in question:
http://dustymabe.com/2015/07/06/encrypting-more-boot-joins-the-party/

Regards,
Nathanael Schweers

Reply to:

Follow-Ups:
- Re: system drive encryption question
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>

References:
- system drive encryption question
  - From: FHDATA <fhdata@unm.edu>
- Re: system drive encryption question
  - From: Rick Thomas <rbthomas@pobox.com>

Prev by Date: Re: If Linux Is About Choice, Why Then ...
Next by Date: Re: Almost all gpg2 operations hang after upgrade to stretch/testing
Previous by thread: Re: system drive encryption question
Next by thread: Re: system drive encryption question
Index(es):
- Date
- Thread