On Thu, 25 May 2017 08:34:10 +0200,
"J. Roeleveld" <jo...@antarean.org> wrote:

> It is possible. I have it set up like that on my laptop.
> Apart from a small /boot partition, the whole drive is encrypted.
> Decryption keys are stored encrypted in the initramfs, which is
> embedded in the kernel.

And the kernel is on /boot which is unencrypted, so are your encryption
keys. This is not much better, I guess...

> On May 25, 2017 12:40:12 AM GMT+02:00, Rich Freeman
> <ri...@gentoo.org> wrote:
> >On Wed, May 24, 2017 at 2:16 PM, Andrew Savchenko
> ><birc...@gentoo.org> wrote:  
> >>
> >> Apparently it is pointless to encrypt swap if unencrypted
> >> hibernation image is used, because all memory is accessible through
> >> that image (and even if it is deleted later, it can be restored
> >> from hdd and in some cases from ssd).
> >>  
> >
> >Yeah, that was my main concern with an approach like that.  I imagine
> >you could use a non-random key and enter it on each boot and restore
> >from the encrypted swap, though I haven't actually used hibernation
> >on Linux so I'd have to look into how to make that work.  I imagine
> >with an initramfs it should be possible.


-- 
Regards,
Kai

Replies to list-only preferred.

