Web lists-archives.com

Re: system drive encryption question




Rick Thomas <rbthomas@xxxxxxxxx> writes:
> I used to do this.  It worked very well before Jessie came along.
>
> You need an un-encrypted /boot partition to hold the kernel and
> initrd, of course…

This is not true, although I also thought it to be the case.

Grub2 can handle LUKS, so it is possible to encrypt the whole disk.

I recently stumbled across a post where the procedure is explained using
archlinux as an example.  I’m not sure whether debian includes a version
of Grub which can also do so, but in principle an unencrypted /boot
partition is not needed.

This is the post in question:
http://dustymabe.com/2015/07/06/encrypting-more-boot-joins-the-party/

Regards,
Nathanael Schweers