On 27/08/2014 at 17:22, Andrei Borzenkov wrote:
> Wed, 27 Aug 2014 13:29:17 +0200 <[email protected]> wrote:
>> I don’t understand what are “cryptdevice” or “cryptkey” args…
>
> They are unrelated to grub and interpreted by initrd of your
> distribution.

Ok, I’ll ask there, thanks.

>> Also, he found a way to integrate the decryption key in the initramfs of
>> Parabola so that he only has to enter it within GRUB, and not again
>> while boot.
>
> OTOH having key in plain text (or even reversible encryption) laying
> on your disk somehow defeats its purpose ...

Only encrypted, the whole disk is encrypted here. As I said, here GRUB is a payload for coreboot, so I don’t even need to have an unencrypted /boot, everything is encrypted, and GRUB decrypts the root filesystem to boot Linux. Then Linux needs the key too… so I can either reenter a third password, pass it as an argument (but I heard Linux arguments were readable by all users when the system is running) or put it in the initramfs, which is anyway already on the device encrypted with the key it contains (so you need the key to get the key).

>> b) is there a way to set up the GRUB password and decryption key the
>> same so that the GRUB password can be used by cryptomount so that I only
>> enter one password once?
>
> Unfortunately, no - user authentication and cryptomount are not passing
> any information. Could be idea for next release.

Oh :/ So I’ll have to type two passwords anyway… I’d be glad if that were fixed in the next release :D

Thank you!
_______________________________________________ Help-grub mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-grub
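
Added example, not part of the original message or of GRUB: a shell audit of the two exposure points discussed in the thread, an initramfs image that embeds the key and is readable by every local user once the disk is unlocked, and `crypt*` parameters on the kernel command line. The function names and the sample files in `demo` are constructed for illustration; on a real system the paths would be the distribution's initramfs image and `/proc/cmdline`.

```shell
#!/bin/sh
# Added example: audit where a disk key could leak while the system is running.

# True when "other" users have read permission (mode bit o+r) on the file.
other_readable() {
    [ "$(ls -ldL -- "$1" 2>/dev/null | cut -c8)" = "r" ]
}

# Print the cryptdevice=/cryptkey= parameters found in a command line file.
crypt_params() {
    tr ' ' '\n' < "$1" | grep -E '^crypt(device|key)='
}

# Report findings for an initramfs image and a kernel command line file.
# Returns 0 only when nothing was found.
audit_key_exposure() {
    initramfs=$1
    cmdline=$2
    findings=0
    if other_readable "$initramfs"; then
        echo "FINDING: $initramfs is readable by all users; an embedded key can be extracted"
        findings=$((findings + 1))
    fi
    for p in $(crypt_params "$cmdline"); do
        echo "FINDING: '${p%%=*}' value is on the kernel command line, visible to all users"
        findings=$((findings + 1))
    done
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

# Constructed sample: a world-readable image and a command line with crypt* args.
demo() {
    d=$(mktemp -d)
    printf 'constructed image\n' > "$d/initramfs.img"
    chmod 644 "$d/initramfs.img"
    printf 'root=EXAMPLE cryptdevice=EXAMPLE cryptkey=EXAMPLE quiet\n' > "$d/cmdline"
    audit_key_exposure "$d/initramfs.img" "$d/cmdline"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then
    demo
elif [ "$#" -eq 2 ]; then
    audit_key_exposure "$1" "$2"
fi
```

The first finding is cleared by restricting the image to root (`chmod 600`); the second only by keeping key material and its location off the command line.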
