Full disk encryption without a boot partition

Pierre Abbat phma at bezitopo.org
Fri Dec 28 09:37:50 PST 2012

On Friday, December 28, 2012 12:28:02 mhca12 wrote:
> I've always wondered how well tested and supported it is to
> 'cryptsetup luksFormat' a volume on Linux and then use
> the same volume on both dfly and linux. Given that there's
> a also luks loader for Windows, this seems like a big advantage
> in favor of dfly out of the BSDs. What do you think?

Last I looked, ext4 doesn't work on DFly, and Hammer doesn't work on Linux. 
But I use cryptsetup and luks on both.

> The biggest issue I have with full disk encryption on Linux is
> the requirement for initrd (initial ramdisk) and that you cannot
> use a no-kernel-modules kernel. Someday I will research this
> and find out if it cannot be avoided.

I've always left the root partition unencrypted. My setups are like this:
darner (DFly): /crypt, /olv, and /backup are encrypted on a 500 GB drive; the 
rest is plaintext on a 60 GB drive. I got the 500 GB drive later, so it was an 
caracal (Ubuntu laptop, the one that can't run DragonFly): /,  /olv and /usr 
plaintext, /home and /var encrypted. It has two separate disks, both with LVM 
volume groups, one of which is encrypted.
leopard (Ubuntu): /, /olv, /usr, /var plaintext, /home and /backup encrypted.
zyxomma (future DFly with SSD and HDD): /home, /usr/obj, /usr/src, and 
/usr/pkgsrc on encrypted HDD, the rest on plaintext SSD. It'll be my gateway, 
so it has to boot up even if I'm not here to type in the password.

Don't buy a French car in Holland. It may be a citroen.

More information about the Users mailing list