Full disk encryption without a boot partition
Pierre Abbat
phma at bezitopo.org
Fri Dec 28 09:37:50 PST 2012
On Friday, December 28, 2012 12:28:02 mhca12 wrote:
> I've always wondered how well tested and supported it is to
> 'cryptsetup luksFormat' a volume on Linux and then use
> the same volume on both dfly and linux. Given that there's
> also a luks loader for Windows, this seems like a big advantage
> in favor of dfly out of the BSDs. What do you think?
Last I looked, ext4 doesn't work on DFly, and Hammer doesn't work on Linux.
But I use cryptsetup and luks on both.
> The biggest issue I have with full disk encryption on Linux is
> the requirement for initrd (initial ramdisk) and that you cannot
> use a no-kernel-modules kernel. Someday I will research this
> and find out if it cannot be avoided.
I've always left the root partition unencrypted. My setups are like this:
darner (DFly): /crypt, /olv, and /backup are encrypted on a 500 GB drive; the
rest is plaintext on a 60 GB drive. I got the 500 GB drive later, so it was an
afterthought.
caracal (Ubuntu laptop, the one that can't run DragonFly): /, /olv and /usr
plaintext, /home and /var encrypted. It has two separate disks, both with LVM
volume groups, one of which is encrypted.
leopard (Ubuntu): /, /olv, /usr, /var plaintext, /home and /backup encrypted.
zyxomma (future DFly with SSD and HDD): /home, /usr/obj, /usr/src, and
/usr/pkgsrc on encrypted HDD, the rest on plaintext SSD. It'll be my gateway,
so it has to boot up even if I'm not here to type in the password.
Pierre
--
Don't buy a French car in Holland. It may be a citroen.