On 2018-04-05 19:38, 799 wrote:
Nice how-to, I'm currently writing something similar for my X230.

Would you mind adding your howto to the Qubes Community doc
repository, which we've established to work on howtos and docs until
they're easy to be migrated to the official Qubes Docs.
If you agree, I can also add your notes there, mentioning you as the
original author.

Hello, no problem as I said it is copyleft. Where's the Qubes Community repository?

I'd like to use grub as payload but without using encrypted boot as I
am afraid to damage my production Qubes environment and loosing time
fixing it.

What do I need to do, if I would like to just use Grub and leave my
boot untouched?

As far as I understand the benefit of having Grub as payload is to be
able to encrypt /boot.
Does this mean than include that it makes no sense to run Grub instead
of SeaBIOS without having boot encrypted?


The advantage of using SeaBIOS is that it should be able to launch the Grub on the original /boot partition which means that Grub config will be updated with system updates and that boot options can be changed without the need to re-flash. Also probably SeaBIOS do have more low level configuration options similar to a vendor BIOS.

Honestly the process of encrypting /boot went far smoother than I expected, it actually worked on the first try (even though I did a full dd backup copy of the whole disk before and kept also a Grub entry to boot the old way). All included it took less than a day for the transition.

The other benefit apart from encrypting /boot is a faster boot process i'd say and maybe a little more security: don't know if it's possible for SeaBIOS (probably yes) but i configured Grub to ask for a user and password for every non standard option in the menu (ex: modifying an entry or using the command line), this way it should be very difficult to boot an external media.

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to