Yes, it's possible. Do you want to encrypt /boot and /root separately, so
you will need a different password for each partition, or do you want to
encrypt it all together with 2FA etc.?

The first one is relatively easy; you will have to modify the grub.cfg
of your coreboot image. Also, the UUID will have to match: you can either
do a "normal" install and change the UUID in the grub.cfg, or change the
UUID of /root.

Check out the libreboot site; there should be all the necessary
information. I will write a tutorial some day.

Cheers


On 9/18/18 1:02 PM, 'awokd' via qubes-users wrote:

> get:
>> FDE, in my understanding, is a partition scheme that looks like
>>
>> sda      8:0    0 99999,9G  0 disk 
>> └─sda1   8:1    0 99999,9G  0 LUKS
>> └──luks-<UUID>           crypt
>> ├─qubes_dom0-boot   lvm /boot (encrypted)
>> ├─qubes_dom0-swap   lvm [SWAP] (encrypted)
>> └─qubes_dom0-root   lvm  / (encrypted)
>>
>> FDE = cryptsetup whole disk (including /boot). Not only root partition.
>> Anaconda can't do it by default. Installation success only with grub missing.
>> OS research HEADS can't kexec into FDE disk.
>>
>> Is it only possible to boot from grub2 coreboot ?
>>
>> cryptomount -a
>> set root='hd0,msdos1'
>> linux=... vmlinuz=...
>>
>> I have been trying to do the coreboot firmware for a month already 
>> to get a load of Qubes with full disk encryption (including /boot). Is it 
>> possible? Can anyone help me? :)
> I've seen others on this list report it as successful, but haven't done
> it myself. I think they had to use the Seabios payload for the initial
> install, then switch to coreboot's grub2. Afraid that's about all I know...
>
-- 
Kind Regards 
Jonathan Seefelder
CryptoGS IT-Security Solutions
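
Added example, not part of the original message or of any project's code: a shell check for the "UUID will have to match" step, run before flashing a modified grub.cfg. It assumes the grub.cfg names the container with `cryptomount -u <UUID>`; the function names and the sample UUID are made up for illustration.

```shell
#!/bin/sh
# Compare the LUKS UUID referenced in a grub.cfg with the UUID of the
# real container, ignoring case and dash style.

# Normalise a UUID: strip dashes, lower-case the hex digits.
norm_uuid() {
    printf '%s' "$1" | tr -d '-' | tr 'A-F' 'a-f'
}

# Print every UUID that the given grub.cfg passes to `cryptomount -u`,
# one per line, normalised. Lines using a variable instead of a literal
# UUID are not matched.
grub_crypto_uuids() {
    sed -n 's/^[[:space:]]*cryptomount[[:space:]]\{1,\}-u[[:space:]]\{1,\}\([0-9A-Fa-f-]\{32,36\}\).*/\1/p' "$1" |
    while read -r u; do
        norm_uuid "$u"
        echo
    done
}

# Return 0 if grub.cfg ($1) references the LUKS UUID ($2), 1 otherwise.
uuid_matches() {
    want=$(norm_uuid "$2")
    grub_crypto_uuids "$1" | grep -qx "$want"
}

# Demo on a constructed grub.cfg fragment (the UUID is a sample value).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
insmod luks
cryptomount -u 0123456789abcdef0123456789abcdef
EOF
if uuid_matches "$demo_cfg" '01234567-89AB-CDEF-0123-456789ABCDEF'; then
    echo "grub.cfg references the LUKS container"
else
    echo "UUID mismatch between grub.cfg and the LUKS container"
fi
rm -f "$demo_cfg"
```

On a real system the second argument would come from `cryptsetup luksUUID /dev/sda1`, with the device taken from the layout quoted above.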

