Actually, since SeaBIOS is most likely mandatory for this board, I'm not sure
signing the kernel and GRUB password is worth it. That makes SeaBIOS
accessible anyway, so...
So I'll stick with:
- SeaBIOS only. GRUB is useless in this case, only an unnecessary step (full
disk encryption impossible, kernel signing which is too much work). Bonus:
slightly better boot time I guess.
And there's no aes module existing in GRUB. There's a "gcry_seed - This
module provides support for the SEED (block cypher) cryptography tool.", but
I'm done trying.
- basic encryption with /boot unencrypted
- keyfiles (rather easy, after all)
That's all for this board. Nearly 6 months, all for this haha...
The info is hard to find, how could I have done it better/faster?
Oh well, at least I've learned a few things along the way.
But I'm done doing that kind of complicated sh*t.
