Dear Andrei,

Thank you for your reply.


Am 20.02.2018 um 05:41 schrieb Andrei Borzenkov:
20.02.2018 01:16, Paul Menzel пишет:

Having a system with UEFI, what is the state of the art to use full disk
encryption? I read the article in the Arch Linux wiki [1], and it still
using GRUB. There is an blog post from 2016 using systemd-boot [2].

If your kernel or initrd are located on encrypted filesystem you need
bootloader that can read them.

And can systemd-boot read it?

If there was a way without LVM, I’d prefer that.

It has always been possible, the question is to which extent individual
distributions made it easy to setup. openSUSE Tumbleweed/Leap 15
installer finally offers native encryption of plain partition without LVM.

That’s great news. To my knowledge, the Debian Installer (Debian 9 (stretch)) isn’t able to do it.

Are there new programs or features in the systemd ecosystem making the
setup easy?

I'd say it is more initramfs implementation question - initramfs is
responsible for actually mounting your root.

What are the options? Initramfs and Dracut, right?


Kind regards,

Paul


[1] https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system
[2] 
https://blog.urbanslug.com/posts/2016-09-11-dm-crypt-systemd-boot-and-efi-on-archlinux.html
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Reply via email to