Author: Mason Loring Bliss
Date:  
To: g4sra
CC: dng
Subject: Re: [DNG] Complete system HDD encryption w/o LLVM.
On Tue, Sep 29, 2020 at 07:57:46PM +0100, g4sra via Dng wrote:

> > If you include the "initramfs" option in /etc/crypttab, keys noted in
> > entries marked with that will be automatically included.
> >
>
> Not in the scripts I had, they explicitly excluded any keys for the root
> filesystem because Debian Devs know better than me (including them in an
> initramfs is insecure).


Ah, sorry. I was thinking of filesystems to be unlocked, not key data
itself. I include "initramfs" in crypttab and I use passphrases on boot,
and that keyword is what enables the prompt for the filesystem(s) in
question. I sometimes have others that use keys that are on the encrypted
root, and those don't specify "initramfs" as they can wait until the normal
boot phase.

Only vaguely related, something I haven't played with yet that I'd like to:

    https://github.com/latchset/clevis


-- 
Mason Loring Bliss    mason@???
They also surf, who only stand on waves.
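
The split described in the message above (entries marked "initramfs" are unlocked early, typically by passphrase prompt, while key-file entries without it wait for the normal boot phase) can be checked mechanically. This is an added example, not part of the original message or of any project's code; the sample crypttab, its target names, UUIDs and key paths are constructed placeholders, and the "needs review" rule is an assumption of this sketch.

```python
# Added example: classify /etc/crypttab entries by the boot stage that unlocks them.
# SAMPLE_CRYPTTAB is constructed for illustration; all names and paths are placeholders.
SAMPLE_CRYPTTAB = """\
# <target> <source device> <key file> <options>
root_crypt UUID=00000000-0000-0000-0000-000000000001 none luks,initramfs
home_crypt UUID=00000000-0000-0000-0000-000000000002 /etc/keys/home.key luks
early_crypt UUID=00000000-0000-0000-0000-000000000003 /etc/keys/early.key luks,initramfs
"""


def parse_crypttab(text):
    """Return one dict per entry: target, source, keyfile, options."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: target and source are mandatory
        keyfile = fields[2] if len(fields) > 2 else "none"
        options = fields[3].split(",") if len(fields) > 3 else []
        entries.append({"target": fields[0], "source": fields[1],
                        "keyfile": keyfile, "options": options})
    return entries


def classify(entry):
    """Return (stage, key_source, needs_review) for one entry."""
    early = "initramfs" in entry["options"]
    stage = "initramfs" if early else "normal boot"
    prompt = entry["keyfile"] == "none"
    key_source = "passphrase prompt" if prompt else entry["keyfile"]
    # Assumption of this sketch: a key file needed before the encrypted root
    # is open cannot simply live on that root, so flag it for a manual look.
    return stage, key_source, early and not prompt


def audit(text):
    """Map each target name to its (stage, key_source, needs_review) tuple."""
    return {e["target"]: classify(e) for e in parse_crypttab(text)}


if __name__ == "__main__":
    for target, (stage, key, review) in audit(SAMPLE_CRYPTTAB).items():
        note = "  <-- review: key file used at initramfs stage" if review else ""
        print(f"{target:12} {stage:12} {key}{note}")
```

To audit a real system, pass the contents of /etc/crypttab to `audit()` instead of the constructed sample.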