Hello, I’m trying to set up a secure —the most I can— X60t with libreboot on it and GRUB as a payload. GNUtoo recommended that I set a password on GRUB to stop a potential attacker from executing any code on the machine that could reflash the SPI chip, and then to encrypt the *entire* disk and decrypt it with GRUB only.
I can see his GRUB configuration on the Parabola wiki, here: <https://wiki.parabolagnulinux.org/User:GNUtoo/laptop#Coreboot_Setup>. But I don’t understand what the “cryptdevice” or “cryptkey” args are… Also, he found a way to integrate the decryption key in the initramfs of Parabola so that he only has to enter it within GRUB, and not again during boot.

I have two questions:

a) Since I don’t know yet how to put the key in the Debian initramfs, is there a way to pass it as an argument to Linux instead, so that it’s more portable and I only have to set up GRUB correctly and don’t have to remember to modify the distro I install?

b) Is there a way to set the GRUB password and decryption key to be the same, so that the GRUB password can be used by cryptomount and I only enter one password once?

Thanks for any help ^^
Help-grub mailing list
https://lists.gnu.org/mailman/listinfo/help-grub
