Re: Decrypting LUKS from initramfs; was: Re: ext2 for /boot ???
Hi,
On 30/09/18 16:44, deloptes wrote:
> Celejar wrote:
>
>> But grub itself and its configuration can't be encrypted, so an
>> attacker could still compromise that code / data. IIUC, your
>> solution basically just implies moving some of the logic
>> currently in the initramfs into grub.
>
> Yes, this is the point I am making.
>
>> One solution is to run grub from removable media, and preventing
>> attackers from getting physical access to it ...

You can sometimes do remote mounting in something like HP's iLO ....
you could mount a floppy or ISO image and boot it with the image only
being available from a client machine using iLO. But it won't work
for machines without such capability.
Cheers
A.