On Mon, 16 Nov 2020 18:56:56 +0100 Jonathan Brielmaier <jonathan.brielma...@web.de> wrote:
> We have now pretty good LUKS support, but I don't know if we support > this use case. I always have `/boot` encrypted as well... Unencrypted /boot and encrypted / is necessary to be able to use Heads (right now). (It measures /boot in order to find out whether it has been tampered with or not) If you want to be able to boot on a Heads system, either Heads needs to be modified to mount encrypted / , or there needs to be an unencrypted /boot.
pgpMMwvzeC7ai.pgp
Description: OpenPGP digital signature