> On 10/16/2016 07:43 AM, [email protected] wrote: >> I've been experimenting with both encrypted /boot partitions and booting >> from a hidden encrypted volume inside an outer encrypted volume, and >> have >> been successful with Debian based systems. I'd like to get it working >> with >> Qubes, but I've run into some issues. >> >> The implementation requires decrypting the volumes from grub, then a >> manual boot of the kernal and initram, then some pre-boot scripts added >> to >> the initramfs are needed to properly decrypt and mount the volumes and >> then re-scan and activate LVM volume groups during the handover between >> grub, initram and the final boot. However, the Qubes Mananger is >> non-functional after boot. >> >> I notice when booting from a normal install, Grub briefly displays >> something like: >> >> Loading Xen-4.6.1 >> Loading vmlinuz-4*** >> Loading intramfs-4*** >> >> In what way does the Xen image get loaded? I think this is what's >> missing >> from my boot sequence. If I'm going through the boot sequence manually, >> or >> loading the components from a bash script in initram, what needs to be >> done with the /boot/xen-4.6.1 file? >> >> Any help would be greatly appreciated. >> > > Have you thought about protecting your boot partition with > Anti-Evil-Maid? Or with coreboot? > > https://www.qubes-os.org/doc/anti-evil-maid/ > https://github.com/QubesOS/qubes-issues/issues/2118 > > Chris >
I'm trying to get a different kind of protection. In the boot folder there is one kernel and two initram images, and a xen image: vmlinuz-4.4.14-11.pvops.qubes.x86_64 initramfs-4.4.14-11.pvops.qubes.x86_64 initrd-plymouth.img xen-4.6.1.gz For manually booting from grub I need to specify the kernel and initram. I am using the vmlinuz and initramfs files, like so: grub> linux (lvm/vg-cryptroot)/boot/vmlinuz-4.4.14-11.pvops.qubes.x86_64 grub> initrd (lvm/vg-cryptroot)/boot/initramfs-4.4.14-11.pvops.qubes.x86_64 grub> boot How do I pass the xen image? -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/1ba3c3beedc49e95a396c6980f3ca9af.webmail%40localhost. For more options, visit https://groups.google.com/d/optout.
