[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LVM passphrase

Hello,

On Tue, Dec 28, 2021 at 10:00:51PM +0000, Andrew M.A. Cater wrote:
> On Wed, Dec 29, 2021 at 08:55:29AM +1100, David wrote:
> > I don't know about Grub asking for passwords, because I don't
> > encrypt boot partitions. But if the question is about the initrd
> > password prompt, then ...
> 
> Encrypting boot partitions would be hard - how would you get to the
> point of entering a passphrase ... this is why "encrypted LVM setup" _doesn't_
> encrypt boot in the default settings from the Debian partitioner.

grub2 does support unlocking LUKS so some people do encrypt /boot
and have grub2 unlock it, but this isn't yet supported in the Debian
installer so it seems unlikely that Polyna-Maude has done this.

    https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html

If Polyna-Maude *has* done this, then the above link does also give
some hints as to how to reduce the number of times a passphrase is
asked.

Otherwise if the use of LUKS is more conventional (unencrypted
/boot, initramfs unlocks /) then Polyna-Mause may want to look in to
ephemeral passphrase for swap that is set on every boot. Or perhaps
just using a swapfile inside / so as to not have an extra block
device to encrypt.

Possibly more information needed as to what the OP's setup actually
is.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting
Reply to: