[dm-crypt] Integrate cryptsetup in bootloader

Christoph Anton Mitterer calestyo at scientia.net
Tue Nov 19 04:27:33 CET 2013


On Tue, 2013-11-19 at 09:20 +0700, Trinh Van Thanh wrote:
> Unencrypted boot partition is not safe for some special requirements.
> So I want to increase the secure level for full disk encryption using
> dm-crypt. Can I integrate cryptsetup in bootloader (example GRUB2) or
> is there any other solutions?

Integrating it in the bootloader doesn't really help you since then the
bootloader is the weak point.

In the end you'll always need an unencrypted kernel/initrd/bootloader...
so what one can do is booting from a USB stick,.. which you have always
with you... and then have a fully encrypted root-fs.


Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5165 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20131119/7b721d83/attachment.bin>


More information about the dm-crypt mailing list