:: Re: [DNG] Complete system HDD encry…
Top Page
Delete this message
Reply to this message
Author: Mason Loring Bliss
To: g4sra
CC: dng
Subject: Re: [DNG] Complete system HDD encryption w/o LLVM.
On Tue, Sep 29, 2020 at 07:57:46PM +0100, g4sra via Dng wrote:

> > If you include the "initramfs" option in /etc/crypttab, keys noted in
> > entries marked with that will be automatically included.
> >
> Not in the scripts I had, they explicitly excluded any keys for the root
> filesystem because Debian Devs know better than me (including them in an
> initramfs is insecure).

Ah, sorry. I was thinking of filesystems to be unlocked, not key data
itself. I include "initramfs" in crypttab and I use passphrases on boot,
and that keyword is what enables the prompt for the filesystem(s) in
question. I sometimes have others that use keys that are on the encrypted
root, and those don't specify "initramfs" as they can wait until the normal
boot phase.

Only vaguely related, something I haven't played with yet that I'd like to:


Mason Loring Bliss    mason@???
They also surf, who only stand on waves.