Actually, plain dm-crypt has one distinct advantage to LUKS, and that is
one of plausible deniability. In some countries, you can be
court-ordered to decrypt the contents of a device if it can be proven
that encrypted contents exist. With LUKS, there is no denying it; with
plain dm-crypt and its lack of an encryption header, the device could
just as well have been overwritten with random data.
I boot my OS off of an encrypted thumb drive in libreboot using
"cryptomount -a (usb0)", so UUIDs don't matter to me at all. I
understand that for most users, this will not be the case, but I'm sure
that there are enough of us out there who could really make use of this
feature.
Also, for those like myself who want this feature for reasons of
plausible deniabilty, patching it ourselves is not an option, as going
to that length to include the feature would indicate that we are most
likely using it, thus throwing plausible deniability out the window. In
other words, to keep it plausible, it would have to be a stock feature
across the board.
Chris
On 2015-10-27 11:10, Vladimir 'phcoder' Serbinenko wrote:
There are patches for it but they will not be integrated as plain
dm-crypt
has no advantages compared to LUKS and cannot be configured reliably
when
device names change as they have no UUID
Le 27 oct. 2015 8:20 AM, <christopher.to...@riseup.net> a écrit :
Hello;
I apologize if this question has already been asked. A web search
didn't
turn anything up. Are there any plans to include plain dm-crypt
support in
a future version of grub?
Thank you.
Chris
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
