Full disk encryption without a boot partition

Alex Hornung alex at alexhornung.com
Thu Dec 27 14:00:51 PST 2012


On 27/12/12 22:13, mhca12 wrote:
> On Thu, Dec 27, 2012 at 10:08 PM, Alex Hornung <alex at alexhornung.com> wrote:
>> On 26/12/12 22:19, mhca12 wrote:
>>> Are there any plans or is there already support for full
>>> disk encryption without the need for a boot partition?
>>
>> No, the userland tool that sets up the decryption of the root partition,
>> as well as the kernel and modules need to be somewhere that is not
>> encrypted - otherwise the boot loader would need to support the disk
>> encryption.
> 
> Seems like OpenBSD 5.2's bootloader can do that.
> Any idea how they did it?

I didn't say that it's impossible, I just stated what would be
required. There are no plans to do any such thing in DragonFly BSD, as
there is pretty much no point. Doing it in any other way than with the
separate /boot partition overcomplicates everything by an order of
magnitude (since, for example, the setup cannot occur in userland
anymore) for no real benefit.

Cheers,
Alex


