Web lists-archives.com

Re: Possible for full-disk encryption to encrypt /boot as well?




On Fri, 25 May 2018 17:33:54 -0700 Robert Dodier said:

> It may be true that encrypted /boot is not really relevant, but I
> don't want to try to argue with tech support staff that a system with
> unencrypted /boot is close enough. I feel like it needs to be all or
> nothing in order for me to press this issue with them.

Or you can offer them a setup more than full-disk encryption: Put the
(unencrypted) /boot on a USB stick, and the rest of the system on fully
encrypted disk.

* With full disk encryption (Linux or Windows) all one needs is the pass-phrase.
* With /boot on USB stick, one needs both the key (the stick) and the
  pass-phrase.

At any rate, it is technically "full disk encryption" - there's nothing
unencrypted on hard drive, is there? :)

Regards
-- 
Abdullah Ramazanoğlu