:: Re: [DNG] Complete system HDD encry…
Startseite
Nachricht löschen
Nachricht beantworten
Autor: Mason Loring Bliss
Datum:  
To: Андрей via Dng
Betreff: Re: [DNG] Complete system HDD encryption w/o LLVM.
On Tue, Sep 29, 2020 at 08:58:42PM +0700, Андрей via Dng wrote:

> Question is, Is it possible to to achieve same goal without LLVM --
> i.e. to partition system HDD with fdisk, and then still have full
> encryption?


Yes, or at least, mostly. There needs to be unencrypted data that contains
the decryption code. GRUB itself can handle LUKS decryption, but that
would involve a manual installation.

There are a number of ways to encrypt a system, in any event, and you can
certainly use the "manual" partitioning in the Debian installer to set up a
system that's largely encrypted, without LVM, but remember to supply an un-
encrypted /boot, as unless something's changed very recently, Debian (and
Devuan by extension) doesn't know to configure GRUB to unlock an encrypted
/boot.

I found this that talks about encrypted /boot (or /boot on encrypted root)
but it would require manual installation, and I'm not sure how easy it'd be
to adapt Debian's GRUB scaffolding to accomodate it. Might be easy, might
be nearly impossible. But:

    https://wiki.archlinux.org/index.php/Grub#Encrypted_/boot


--
Mason Loring Bliss (( If I have not seen as far as others, it is because
mason@??? )) giants were standing on my shoulders. - Hal Abelson