Thank you Ellen for the good summary. I knew most but in less detail. On Sat, Apr 04, 2020 at 10:12:46AM +0200, Ellen Papsch wrote: > Am Freitag, den 03.04.2020, 21:44 +0200 schrieb pelzflorian (Florian > Pelz): > > But it would still be possible for an attacker […] > Yes, though it should not be so easy like with unprotected /boot > partition.
So the better solution would be a better GRUB instead of unprotected /boot. Could key files help in passing the passphrase on to the Linux kernel? The Arch Wiki says this: <https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#With_a_keyfile_embedded_in_the_initramfs>. Keyboard layouts then will only all work properly everywhere once fixed in GRUB. Regards, Florian
