security risk? that doesn't make much sense... in normal installs both /boot and the luks headers are lying there on the disks unencrypted. i don't see how packing the luks headers into the initramfs (/boot) could make that any worse?
i'm not a linux guru by any means, but AFAIU:

- grub loads the kernel and the initramfs (from /boot, but not as a normal mount, but as some lower level infrastructure)
- jumps to the kernel entry point address, passing it the initramfs as a memory address. at this point nothing is mounted.
- boot scripts in initramfs start to get executed and reach the point of mounting rootfs.

at this point /boot is probably not mounted yet, but i don't see any obvious obstacles why it couldn't be mounted before the rootfs, except that i have no clue about how linux mounts work. rootfs gets mounted as / after all, maybe that's a headache if there's stuff like /boot already mounted.

thanks for looking into this! plausible deniability is becoming more and more important now that people go to jail even in the western "free" democracies for as little as not giving out passwords...

--
https://bugs.launchpad.net/bugs/1223622
Title: add support for crypttab mounting of luks devices with detached headers