Originally posted by RahulSundaram
Fedora 30 Aims To Use LUKS2 By Default For Full-Disk Encryption
Originally posted by darkbasic
There are no other bootloaders capable of doing so.
For GRUB systems, our only real, universal option is Random File System+LUKS+GRUB.
That BTRFS encryption article has me a little excited at the possibility of using a file system native encryption for /boot (the main reason I'm one of those ZFS weirdos is because ZFS removes unnecessary layers by handling what LVM handles, what LUKS handles, etc). I'd love to simplify it to BTRFS+GRUB.
-
Originally posted by skeevy420
Then how is it "full disk encryption"? When I hear that, I assume "everything is encrypted" and not "everything* is encrypted".
* except /boot, good thing you read the fine print.
- Likes 2
-
Originally posted by stikonas
You only need GRUB2 support for LUKS2 if you have encrypted /boot. I doubt that's how Fedora installs. They probably keep /boot unencrypted.
I'm aware that systemd-boot, efi-stub, and other methods can get around the GRUB2/LUKS2 limitation, but some of us are stuck with GRUB2 on our PC that came out right before UEFI and some of us like to keep multiple kernels installed and that is, AFAIK, something that sysd-boot doesn't support. I like to keep linux-current and linux-lts installed just in case current breaks.
* except /boot, good thing you read the fine print.
-
Originally posted by jokeyrhyme
I think I played with FDE in Fedora 28 or 29 a while back, and it gave me a password prompt at first boot, then another password prompt for my user account
I ended up abandoning FDE in favour of home-directory encryption via eCryptfs, which got me down to a single password prompt
The eCryptfs is not attractive to me since its maximum filename length is much lower (255 -> ~140) and I may hit this limit someday.
-
Originally posted by jokeyrhyme
I think I played with FDE in Fedora 28 or 29 a while back, and it gave me a password prompt at first boot, then another password prompt for my user account
I ended up abandoning FDE in favour of home-directory encryption via eCryptfs, which got me down to a single password prompt
I'm configuring my next setup in a similar manner -- LUKS for /boot on one disk and native ZFS encryption for everything else on the raid.
-
I think I played with FDE in Fedora 28 or 29 a while back, and it gave me a password prompt at first boot, then another password prompt for my user account
I ended up abandoning FDE in favour of home-directory encryption via eCryptfs, which got me down to a single password prompt
- Likes 1
-
Let someone include these patches http://grub.johnlane.ie/ into grub2 eventually to have the full encryption including /boot. They have existed for years. If not grub2 directly then maybe Fedora could apply them into their grub2 rpm.
- Likes 1