[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Hmmm... /boot is too small. what's the best way to increase it's size?

On Mon, 11 May 2020 07:36:27 -0400
Greg Wooledge <wooledg@eeg.ccf.org> wrote:

> On Sat, May 09, 2020 at 10:05:40PM -0700, Will Mengarini wrote:
> > * Rick Thomas <rick.thomas@pobox.com> [20-05/09=Sa 20:05 -0700]:
> > > [...] died for lack of space in /boot [...]
> > 
> > Long ago I stopped bothering with a separate /boot, and behold, I yet
> > live.  ISTR the Debian installer doesn't default to creating one either.
> 
> Unless you're doing some kind(s) of disk encryption.  Which apparently is
> a thing that some laptop users go for in a major way.

And some desktop / server users. I'd rather not have to worry about the
sensitive data on my disks when I decommission them / they fail.

> As a non-laptop person, my understanding is that, at least with some
> implementations of disk encryption, you need an UN-encrypted /boot to
> get the whole thing started.  After that, the root file system and any
> other local file systems can be encrypted, and the code from /boot will
> be able to prompt you for the passphrase or whatever.

Yes. FDE including boot is doable, but it takes more work (and isn't
necessarily worth it, depending on the threat model - see above):

https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html

Celejar
Reply to: