Tweet
Originally posted by skeevy420
View Post
-
"Full disk" is typically used as a moniker to differentiate it from per file encryption or home only encryption solutions. Given the lack of support in Grub2, usually distributions leave /boot unencrypted. You just have to accept that compromise or switch to a different bootloader if your system supports it
-
There are no other bootloaders capable of doing so.Originally posted by RahulSundaram View Post## VGA ##
AMD: X1950XTX, HD3870, HD5870
Intel: GMA45, HD3000 (Core i5 2500K)Comment
-
systemd-boot does....but my system doesn't support that....Originally posted by darkbasic View Post
For GRUB systems, our only real, universal option is Random File System+LUKS+GRUB.
That BTRFS encryption article has me a little excited at the possibility of using a file system native encryption for /boot (the main reason I'm one of those ZFS weirdos is because ZFS removes unnecessary layers by handling what LVM handles, what LUKS handles, etc). I'd love to simplify it to BTRFS+GRUB.Comment
-
SUSE doesn't leave /boot unencrypted. GRUB & /boot become their own LVM+LUKS partition that's separated from the rest. Given the limitations (bios/uefi and software), it's an acceptable solution IMHO. I hope Fedora has a similar method as an install option (I do the same thing for my ZFS on Root systems). It's not the same encryption used full disk, but it is full disk encryption (and it should be simple enough to upgrade to LUKS2 whenever/if GRUB supports it).Originally posted by RahulSundaram View Post
Comment
Comment