[dm-crypt] Integrate cryptsetup in bootloader
Christoph Anton Mitterer
calestyo at scientia.net
Tue Nov 19 04:27:33 CET 2013
On Tue, 2013-11-19 at 09:20 +0700, Trinh Van Thanh wrote:
> Unencrypted boot partition is not safe for some special requirements.
> So I want to increase the secure level for full disk encryption using
> dm-crypt. Can I integrate cryptsetup in bootloader (example GRUB2) or
> is there any other solutions?
Integrating it in the bootloader doesn't really help you since then the
bootloader is the weak point.
In the end you'll always need an unencrypted kernel/initrd/bootloader...
so what one can do is booting from a USB stick,.. which you have always
with you... and then have a fully encrypted root-fs.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5165 bytes
Desc: not available
More information about the dm-crypt