On 2018-08-02T02:24:31-0600, Chris Marusich <[email protected]> wrote:
> > Doing a full LUKS-encryption on root, including /boot results in
> > very slow unlocking at boot (about 30 secs even with --iter set to
> > 1000). Is there any way to do an unencrypted /boot with an
> > encrypted root?
>
> At that stage, is it GRUB that is unlocking the encrypted volume? If
> so, I think this is normal.
>
> For what it's worth, GRUB is slow in unlocking my encrypted volumes,
> too. It takes about 30 seconds for me, too. If you're concerned,
> you can try using cryptsetup's --iter-time option to lower the number
> of iterations, but keep in mind that will also make it easier to
> crack your passphrase.

Originally I had --iter set to '5000' and it took about 4 minutes to unlock!

I've shifted to using an unencrypted root and an encrypted /home as a
compromise that boots faster (and only requests the password once).

--
Benjamin Slade - https://babbagefiles.xyz
  `(pgp_fp: ,(21BA 2AE1 28F6 DF36 110A 0E9C A320 BBE8 2B52 EE19))
    '(sent by mu4e on Emacs running under GNU/Linux . https://gnu.org )
       `(Choose Linux ,(Choose Freedom) . https://linux.com )
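Added example, not part of the original message and not cryptsetup's own code: a small audit of the iteration counts that the unlock-time versus cracking-cost trade-off in this thread depends on. It assumes the LUKS1 layout of `cryptsetup luksDump` output; the sample dump, the device name and the threshold are constructed for illustration.

```python
import re

# Constructed sample in the layout of `cryptsetup luksDump` for a LUKS1 header.
# Salts and digests are omitted; every value here is made up.
SAMPLE_DUMP = """\
LUKS header information for /dev/sdX2

Version:        1
Hash spec:      sha256
MK iterations:  1000

Key Slot 0: ENABLED
\tIterations:          5000
\tAF stripes:          4000
Key Slot 1: ENABLED
\tIterations:          250000
\tAF stripes:          4000
Key Slot 2: DISABLED
"""

SLOT_RE = re.compile(r"^Key Slot (\d+): (ENABLED|DISABLED)\s*$")
ITER_RE = re.compile(r"^\s+Iterations:\s*(\d+)\s*$")  # indented, so "MK iterations" never matches


def keyslot_iterations(dump):
    """Return {slot_number: iterations} for every ENABLED key slot."""
    slots, current = {}, None
    for line in dump.splitlines():
        m = SLOT_RE.match(line)
        if m:
            # Track enabled slots only; a disabled slot has no Iterations line.
            current = int(m.group(1)) if m.group(2) == "ENABLED" else None
            continue
        m = ITER_RE.match(line)
        if m and current is not None:
            slots[current] = int(m.group(1))
    return slots


def weak_slots(dump, min_iterations):
    """Enabled slots below min_iterations (a local policy value, not a cryptsetup default)."""
    return sorted(s for s, n in keyslot_iterations(dump).items() if n < min_iterations)


def relative_guess_cost(dump, baseline_slot):
    """Work per passphrase guess for each slot relative to baseline_slot (linear in iterations)."""
    its = keyslot_iterations(dump)
    return {s: n / its[baseline_slot] for s, n in its.items()}
```

Any one enabled slot unlocks the volume, so the slot with the fewest iterations sets the cost of guessing for the whole header.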
