вторник, 18 сентября 2018 г., 20:02:19 UTC+3 пользователь awokd написал: > get: > > FDE in my understanding this is a scheme partition look like > > > > sda 8:0 0 99999,9G 0 disk > > └─sda1 8:1 0 99999,9G 0 LUKS > > └──luks-<UUID> crypt > > ├─qubes_dom0-boot lvm /boot (encrypted) > > ├─qubes_dom0-swap lvm [SWAP] (encrypted) > > └─qubes_dom0-root lvm / (encrypted) > > > > FDE = cryptsetup whole disk (including /boot). Not only root partition. > > Anaconda can't do it by default. Installation success only with grub > > missing. > > OS research HEADS can't kexec into FDE disk. > > > > Is it only possible to boot from grub2 coreboot ? > > > > cryptomount -a > > set root='hd0,msdos1' > > linux=... vmlinuz=... > > > > I have been trying to do the coreboot firmware for a month already > > to get a load of Qubes with full disk encryption (including /boot). Is it > > possible? Can anyone help me ?:) > > I've seen others on this list report it as successful, but haven't done > it myself. I think they had to use the Seabios payload for the initial > install, then switch to coreboot's grub2. Afraid that's about all I know...
Hi, awokd. I agree, this is also the only way I know. http://www.zerocat.org/coreboot-machines/md_doc_build-coreboot-x220.html http://www.zerocat.org/coreboot-machines/md_doc_build-coreboot-x230.html Do you mean that? seabios (main) + grub2(elf payload) I'm trying to learn HEADS, but it's quite difficult. there is a built-in cryptsetup and kexec. but I have not yet found the information how to boot without a loader to FDE Qubes (include /boot use kexec. Also branch "master" only 4.7 coreboot version, found this https://github.com/flammit/heads/tree/coreboot-4.8 I can not compile (build fails). Also I tried to add gpg keys to the firmware https://libreboot.org/docs/gnulinux/grub_hardening.html#GPG keys cfbstool test.rom print - writes that everything is fine, but after the flash firmware in the heads (initrd/etc/.gnupg) there are no keys seal-totp works strange. Have you any experience? unfortunately, too little information is available -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fddee08c-0703-4540-bb53-0d220ae927c6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
